JP5069501B2 - Security management system - Google Patents

Description

  The present invention is intended to ensure the confidentiality of information to be handled, the safety of the human body, the environment, etc., and to enter and exit a facility that requires a high level of security (entrance / exit), and the equipment installed in such a facility, The present invention relates to a security management system that integrally manages operation and use of devices.

  Only specially authorized persons (hereinafter referred to as “persons”) are allowed to enter and leave facilities that require a high degree of confidentiality, places that are dangerous to the human body and the environment, financial institutions, automated teller machines (ATMs), etc. Unauthorized facilities / locations allow entry / exit of the person by key verification.

  In order to ensure a high level of security, the key used for unlocking is complicated to prevent the intrusion of suspicious persons or intruders (hereinafter referred to as “non-persons”), or the use of multiple keys makes it difficult to intrude. Have been proposed.

  Physical locks have become more sophisticated year by year, making it difficult to penetrate outside such as electronic locks and electromagnetic locks, and it has become so robust that it is difficult to break down and enter physical locks installed in facilities.

  However, whether the key that the person brings to unlock the physical lock has been stolen or forged, that is, even if it is not the person, as long as he possesses it, personal authentication is possible. This makes it possible to enter / exit a specific area and use the equipment inside.

  Even if a PIN (personal identification number) code such as encryption or personal identification is leaked, personal identification is possible even if it is not the person, as long as the ID or personal identification number is known. This makes it possible to use the locked specific area and to use the equipment inside the room. In particular, in the case of a password, in order to make it easier to memorize IDs and passwords, data belonging to the person such as birthdays and telephone numbers are often registered or left in memos. There is a very high risk of leakage, and incorrect personal authentication is likely to occur.

  In the conventional system, in order to achieve a higher level of security, the key is complicated, and double, triple, and quadruple encryption, passwords, and passwords are used to improve security. However, due to complexity, there are situations where recovery takes time or cannot be recovered if the key is lost or the key is lost or the encryption authentication number is forgotten. In addition, since the security system becomes more complicated, there are inconveniences such as high costs and maintenance costs, and complicated installation in facilities.

  The fundamental solution to these problems is biometric authentication that uses the characteristics of the person's body for authentication verification. Since these biometric authentications use a part of the biometric that can only be possessed by the principal, there is no possibility of theft or falsification, and there is no loss.

  In such biometric authentication, information on the biometric part of the person is registered in advance, and the registered biometric data is compared with the person. This biometric authentication has been proposed, and personal authentication with extremely high security is becoming possible.

  In addition, a method and system for constructing a more advanced personal authentication system by combining these biometric authentications with other encryption codes and PIN numbers have been proposed. In addition, various methods have been provided for simultaneously managing the operation and use of facility equipment inside the facility / place as the room enters and exits.

  However, even in systems where biometric authentication is used, unauthorized access by the person, the person himself / herself accidentally entering or leaving the room, or operating the device, or the person himself / herself becomes a villain through the use of biometric authentication or threatens others. There was a problem that it was not possible to prevent the system from entering or leaving the system unwillingly. These situations need to be regarded as a problem in the security management system environment for entering and leaving the room rather than improving the security of biometric keys and physical keys.

  In addition, when using biometric authentication, personal data registered with biometric authentication is required to be strictly managed as personal information. However, centralized management is performed in management centers and data centers that have an environment where strict management of biometric personal data can be managed, and even if problems such as leakage, leakage, and unauthorized use of personal data do not occur, those personal data In the field and the mobile environment where it is used each time, management is relatively neglected and problems tend to occur.

  In general, security systems that strictly control entry / exit and operation of devices / systems and restrict or deny access to non-persons other than the principal are provided with locks at the entrance / exit which is the door / door of each facility. This prevents unauthorized entry into the interior. Facilities and areas where such security management is required (hereinafter referred to as “specific facilities”) are facilities or places that handle money, valuables, confidential information, dangerous goods, etc., or facilities that are required to prevent terrorism. . As an example, there are various facilities and places such as an ATM installation place of a financial company, an airport, a calculation center, a research institute of a company or a university, a nuclear power plant, an epidemiological research institute, and a dangerous goods management facility.

  As security management systems for these specific areas, it is possible to prevent intrusion of non-persons and incorrect equipment operation in the facility by restricting the access by non-stakeholders with individual keys and improving the security level of the keys. Has been done.

  In recent years, an environment in which biometric authentication is used as a security means has been prepared for the advancement of security, and the number of systems that register a part of a person's biological body in advance and execute biometric authentication is increasing. Further, in such a security management company and a security company, centralized security management is being performed by connecting each specific area with a net line.

  Here, biometric authentication refers to authenticating an individual using characteristics of a living body, that is, a person's fingerprint, iris, voiceprint, face, palm shape, signature, retina pattern, finger, palm, and back of the hand. Since these are different for each person and do not change over a long period of time, they can be used for identification (individual authentication) of the person, and authentication is performed by using the characteristics of these living bodies. In this biometric authentication system, features such as fingerprints, irises, retinal patterns, fingers, palms and veins of the back of the hand, etc., which are inherently possessed by the person, are registered in advance, and these biometric features are collated when used. This identifies the person.

  Since this biological characteristic is unique to the living body and is not separated from the living body, basically, theft, forgery or leakage does not occur. Therefore, if such biometric authentication is used as an unlocking key, high security can be obtained, and it is extremely effective for personal authentication for entering and leaving a specific area, and is always attached to the person. It is a key that is not misplaced like a physical key, and is very unlikely to be stolen, lost, or copied. Furthermore, even if compared with an encryption key or PIN code, it cannot be stolen, forgotten by the person, or wrong. That is, in a security management system based on biometric authentication, a considerably high level of security can be secured as the key itself.

  Next, the users who are allowed access to enter or leave a specific area include equipment users (users) within the facility, facilities or equipment managers / maintenance / inspectors, and money collection companies such as equipment usage fees. There are various levels.

  Taking a bank's ATM system as an example, a user who is a general customer uses an ATM device in a specific area where the ATM is installed to withdraw money, and an ATM maintenance manager routinely needs it. The ATM equipment is managed and maintained and supplies are replenished, and the money collection company collects money from each ATM equipment.

In addition, the person who is not allowed access is basically the person other than the person who is allowed to access, including impersonation of the person, but even if the person is allowed access, the person himself / herself operates the device by mistake. , When operating outside of the allowable operating hours, when being unlocked by intimidation from a third party, when operating the device beyond the permissible range, or when the person becomes a villain It is done.
JP 2006-53808 A

  In these advanced security systems using biometric authentication, unauthorized access is prevented, and the user's own mistakes and unintentional device operation and use in the security facility are prevented as much as possible. However, in the case of threats, it is desirable to prevent entry / exit that is contrary to the intention of the person, such as mistakes or mistaken entry / exit.

The security management system of the present invention is a security management system in which a computer system of a security company, a computer system of a management center, a store ATM, and a terminal device on the store side are connected via a communication network,

The computer system of the security company includes a first sensor, a terminal device of the security company, and a registration unit.
The first sensor is
  Means for detecting biometric information of workers of the security company traveling around the store ATM and transmitting it to the registration unit;
  Means for reading a worker's unique code for identifying the inputted worker and transmitting it to the registration unit;
With
  The registration unit is
A first database in which worker identification / biological information is stored;
  A second database storing store information including a store code of the store, an ATM number constituting the store ATM in the store, and an unlocking date and time zone of the ATM of the store;
A third database storing worker information including the worker's unique code and the worker's workable date and time;
In addition,
Means for combining the worker's biometric information from the first sensor and the worker's unique code, and storing this in the first database as the worker identification / biological information;
The worker identification / biological information of the first database and the worker information of the third database are transmitted as worker security information of the worker to the computer system of the management center and the store information is transmitted. Sending means to
With
  The computer system of the management center is
A fourth database in which the worker security information and the store information are stored;
A fifth database storing work schedule information of the workers;
A management center timer that outputs the current time Ti;
In addition,
Means for receiving the operator security information and the store information from the computer system of the security company and storing it in the fourth database;
The store information is read from the fourth database, and the worker security information having the workable date and time zone including the unlocking date and time zone of the store included in the store information is extracted and extracted. A specific period within the workable date and time zone of the worker in the worker security information is defined as a collection date and time period, and the worker's unique code included in the extracted worker security information for the collection date and time period and Means for adding a store code and the ATM number included in the store information of the fourth database, and storing this in the fifth database as a work schedule of the worker;
When the unlock schedule request information from the store ATM is received and the worker schedule having the collection date and time including the current time of the timer of the management center exists in the fifth database, the ATM number Means for transmitting an in-time work determination permission signal to permit the unlocking of the electric lock to the store ATM of the store;
When the unlocking is permitted, the worker identification / biological information in the worker security information having the worker's unique code, ATM number and shop code included in the unlocking request information Means for reading from the database of 4 and transmitting and storing it in the store ATM of the store;
With

The store ATM is
An ATM for outputting a signal notifying the unlocking or closing of the electric lock and the opening or closing of the door, a second sensor, and a locking unit;
The second sensor is
Means for detecting the biometric information of the store-side worker who circulates and collects the store ATM, and transmits this to the lock unit as biometric information of the store-side worker;
Means for reading the unique code of the shop-side worker input by the input means and transmitting it to the locking unit;
With
The locking unit is
A sixth database storing the worker identification / biological information from the computer system of the management center;
A first timer on the store side that measures the fixed time P;
A second timer for measuring a prescribed time tm (tm <P);
In addition,
Means for transmitting the store code from the second sensor, the ATM number, and the store worker's unique code to the management center computer system as the unlock request information;
The worker identification / biological information stored in the sixth storage means, the biological information of the store side worker from the second sensor, the store code, the ATM number, and the unique code of the store side worker; Matching means for determining whether or not the shop side worker identification and biometric information are matched ,
Means for activating the first timer and the collating means when the in-time work determination permission signal is received from the computer system of the management center accompanying the transmission of the unlocking request information;
If it is determined that the matching means match, means for outputting an unlocking permission signal to the electric lock;
With the output of the unlocking permission signal, the door is within the predetermined time Ti depending on whether or not a door opening signal is output from the door informing that the door has been opened within the predetermined time Ti of the first timer. A means to determine if it was opened,
When there is no door opening signal within the predetermined time Ti, an abnormality signal is transmitted to the computer system of the management center, the terminal device of the security company, the terminal device of the store,
If it is determined that the door has been opened within the predetermined time Ti, the means for starting the second timer;
Means for determining whether the second timer has measured the prescribed time tm;
When the door closing signal indicating that the door is closed is not transmitted within the specified time tm, an abnormal signal is transmitted to the store terminal, the management center computer system, the security company terminal device, and the store terminal device. Means and

In addition, work is in what is limited as much as possible in a short period of time, it is proof resign Rukoto as possible fraud.

  Performs sufficient management for entering and leaving specific facilities and using equipment in such facilities using physical keys used for identity authentication, numeric keys such as encryption, password, and PIN numbers, which were inconvenient in conventional systems. A system that takes into account the unintentional entry / exit of the person in the system using biometric authentication and the prevention of the person's villainization as much as possible, and a system that considers personal information leakage in biometric registration It is desirable to do.

<Embodiment 1>
FIG. 1 is a diagram showing an outline of a security management system for managing a key that enables entry / exit to a specific facility and operation of a specific device in the present invention.

  The security management system according to the present invention is a system in which a computer system 1 of a key owner company, a computer system 2 of a management center, and a plurality of store ATMs 3 are connected by a communication network 4.

  The computer system 2 of the management center includes a control unit 200 including a unique code database 22 that records a unique code of a key and a schedule management database 25 that records schedule information such as a key usable time frame.

  Further, the store ATM 3 is constructed by a specific device 307 that performs key authentication and unlocks when the key is used, a locking unit 300, and the like.

  Further, the computer system 1 of the key owner company includes an input means 15 for inputting various types of information of the worker, a registration unit 14 and the like.

  As the unique code of the key, it is common to use any one of the PIN numbers, encryptions, and passwords (passwords) of the workers 11, 12, 13 or a combination thereof.

  Here, a security management system in which a biometric authentication code is further included in the unique code and a sensor is connected to the registration unit and the locking unit will be described with reference to FIG.

(Registration unit 14 of key owner company 1)
A first sensor 15 is connected to the registration unit 14 installed in the key-owning company 1 in order to perform biometric authentication registration. The first sensor 15 is preferably a sensor for detecting patterns such as fingerprints, irises, retinas, veins of fingers and palms, veins on the back of the hand, and the like.

  As shown in FIG. 2, the registration unit 14 includes a reading unit 151 to which the first sensor 15 is connected, a data processing unit 152, a coding unit 153, an encryption unit 155, a first communication unit 16, and the like. Composed.

  In addition, although not shown, an input unit such as a keyboard for inputting personal information such as a unique code such as the PIN number, encryption, and personal identification number of the workers 11, 12 and 13 and a personal name is also included.

  The reading unit 151 converts the living body image captured by the first sensor 15 into a pattern image signal. The pattern image signal is sent to the data processing unit 152.

  The data processing unit 152 performs feature point processing and filtering on the pattern image signal of the captured information (image data such as fingerprints, irises and hand veins) and normalizes the pattern image signal into a form suitable for biometric authentication.

  The coding unit 153 performs algorithm processing on the pattern image signal normalized to a form suitable for biometric authentication, further converts it into a digital signal, and outputs it as coded biometric authentication data 154.

  Furthermore, in addition to the biometric authentication data 154, unique codes such as a PIN number, encryption, and a personal identification number (password) may be collected as a final unique code as necessary. Then, it is set as biometric data attached information 20 including attached information such as a worker's name and work schedule, together with the final unique code.

  At this time, it is encrypted by the firewall / encryption unit 155 and is devised to prevent signal leakage and information outflow in the communication network 4. However, in this encryption process, since biometric authentication is protected with high security, advanced or special encryption is not required, and normal encryption (scramble or the like) is sufficient.

The first communication unit 16 transmits the biometric authentication data attached information 20 to the management center 2 via the communication network 4 such as a VP network.
(Control unit 200 of management center 2)
The control unit 200 of the management center 2 includes a decoder unit 24, a schedule, in addition to the unique code database 22 that records the unique code of the key and the schedule management database 25 that records schedule information such as a key usable time frame. A construction unit 26, a clock frame setting unit 27, a collation unit 203, and a recording / logging unit 204 are included. Further, since the control unit 200 is constructed on a computer, the control unit 200 also includes a means generally included in the computer, such as a CPU 201, an input operation unit 202, and a control unit 205.

  Further, the control unit 200 includes a second communication unit 23 for communicating with the registration unit 14 of the key owner company 1 and a third communication unit 28 for communicating with the locking unit 300 in the specific area 3.

  When the second communication unit 23 receives the biometric data attached information 20 transmitted from the registration unit 14 of the key possessing company 1 via the communication network 4, it passes it directly to the decoder unit 24.

  The decoder unit 24 includes a firewall function, and restores the biometric data attached information 20 encrypted by the encryption unit 155 of the registration unit 14 of the key holding company 1.

  Among the restored biometric data attached information 20, information such as the biometric code 154 and the unique code (key unique code) associated with the workers 11, 12, and 13 is stored in the unique code database 22 (see FIG. 4).

  On the other hand, information that is not attached information unique to the operator, such as work schedules for the workers 11, 12, and 13, is stored in the schedule management database 25 (see FIG. 4).

  As a result, the unique codes and attached information of the plurality of workers 11, 12, 13 sent from the plurality of key owner companies 1 present in each region are stored in the biometric authentication database 22 and the schedule management database 25. Centralized management at the management center 2.

  The schedule construction unit 26 performs key usage schedule management for the workers 11, 12, and 13 of the key owner company 1 in each place. For example, the cash collection schedule for each store or ATM is set independently.

  Specifically, predetermined data necessary for the schedule is input from the input operation unit 202, and the work schedules of the workers 11, 12, and 13 transmitted from the registration unit 14 of the key owner company 1, each store, The schedule management database 25 is programmed with the selection of workers, the circulation order of each store and ATM, and the work date and time in consideration of the operational status of the ATM.

  At the same time, the time frame setting unit 27 sets a time frame in which the workers 11, 12, and 13 can access the specific area and the specific device in the schedule management database 25.

  For example, the unlocking / operation time frame of the first ATM to be patrol is set as a program, and this patrol program setting is such that the operators 11, 12, 13 and the store, and the patrol order are regularly determined. Instead, it is arbitrarily performed by a specific schedule setter (responsible person) or by random setting each time.

  However, depending on the situation, the worker and the visiting store are specified based on the schedule setting from each key owner company 1, but who can be an unlocker among the workers, the order of the stores and the details of the visiting time Is based on the schedule program setting of the management center 2.

  When the workers 11, 12, and 13 try to enter the specific area 3 or to operate the specific device, the collation unit 203 is provided from the locking unit 300 that will be described later. A unique code such as a PIN number 29a (hereinafter, unique code entered by the locking unit) transmitted through the communication network 4 and received by the third communication unit 28 by the input of the workers 11, 12, 13; The schedule construction unit 26 collates with a unique code such as a PIN number set in the schedule management database 25.

  At the same time, the collation unit 203 transmits the time at that time from the locking unit 300 via the communication network 4 when the workers 11, 12, and 13 input the PIN number, and the third communication unit 28 receives the time. Therefore, it is also checked whether or not the time matches the time frame set in advance by the time frame setting unit 27.

  Furthermore, it is preferable to perform authentication by setting a location authentication code for specifying a specific area and a device authentication code for specifying a specific device as authentication data. Hereinafter, the place authentication code and the device authentication code are referred to as a unique code.

  The recording / logging unit 204 records the data exchange with the locking unit 300 in the schedule management database 25 along with the time. However, in operation, not the schedule management database 25 but another storage device may be connected and recorded.

  The control unit 205 controls the sequence of data exchange with the registration unit 14 and the locking unit 300, and controls to ensure consistency when creating or deleting a database.

  The CPU 201 actually performs processing of each unit in the same manner as general central processing.

  The third communication unit 28 transmits / receives information to / from the locking unit 300 via the communication network 4.

  FIG. 4 shows data included in the unique code database 22 and the schedule management database 25.

  In the unique code database 22, the worker name, the biometric code, and other information related to the worker are recorded as authentication data for identifying the individual.

  On the other hand, the schedule management database 25 schedules the place and date when the key is used, such as the work schedule, place authentication code / device authentication code (device ID), time frame, store information, and collection schedule. Necessary information is recorded.

  However, it does not indicate that all the information shown in FIG. 4 is recorded, only the necessary information among these information may be recorded, and if there is further necessary information, it is additionally recorded. It doesn't matter.

(Locking unit 300 in specific area 3)
The locking unit 300 provided in the specific area (specific device) 3 is connected to the control unit 200 of the management center 2 via the communication network 4 and the fourth communication unit 30. The input unit 306, the decoder unit 301, the biometric authentication code extraction unit 302 connected to the decoder unit 301, the reading unit 308 connected to the second sensor 307, and the data processing unit connected to the reading unit 308 309, a biometric authentication code extraction unit 302 and a biometric authentication collation unit 303 connected to the data processing unit 309.

  Furthermore, a device / time data extraction unit 304 connected to the decoder unit 301, a timer 311 and a device ID verification unit 305 connected to the device / time data extraction unit 304 are further included.

  The biometric authentication verification unit 303, the timer 311, and the device ID verification unit 305 are connected to the electric lock 310.

  The data erasure unit 312 connected to the fourth communication unit 30 is also connected to the biometric authentication verification unit 303, the timer 311, and the device ID verification unit 305 that temporarily store each verification data. Yes.

  Here, the input unit 306 is a numeric keypad or the like for the workers 11, 12, and 13 to input the PIN number 29a and the like.

  The decoder unit 301 decodes the biometric authentication data, the device ID, and the batch authentication information 29 b of time data received by the fourth communication unit 30 from the control unit 200 via the communication network 4.

  The biometric authentication code extraction unit 302 extracts only biometric authentication data from the information decrypted by the decoder unit 301 and passes it to the biometric authentication verification unit 303.

  The second sensor 307, the reading unit 308 connected thereto, and the data processing unit 309 are the first sensor 15 connected to the registration unit 14, and the reading unit 151 connected to the first sensor 15. Then, the same processing as that of the data processing unit 152 is performed, and the biometric authentication data generated by the data processing unit 309 is passed to the biometric authentication collating unit 303.

  The biometric authentication collation unit 303 collates the biometric authentication data input from the biometric authentication code extraction unit 302 and the data processing unit 309.

  On the other hand, the device ID / time data extraction unit 304 extracts a device ID (or region ID) and time data from the information decoded by the decoder unit 301 and passes them to the device ID verification unit 305 and the timer 311, respectively.

  The device ID collation unit 305 collates the device ID input by the workers 11, 12, and 13 from the input unit 306 with the device ID input from the device ID / time data extraction unit 304. This device ID can be constructed by assigning a MAC address or a GLOBAL IP address.

  When the biometric authentication code is downloaded and the time measurement trigger data is input from the device ID / time data extraction unit 304, the timer 311 starts counting the time frame.

  The measurement by the timer 311 sets a time frame in which the worker can execute biometric verification. In other words, if the worker cannot perform biometric verification within the time frame set by the management center, an alert is issued and biometric verification cannot be performed. In addition, the timer 311 can limit the biometric authentication verification time, measure the time from unlocking, and set the operation time frame of the workers 11, 12, and 13. This time frame is set to automatically lock and prevent accidents when the workers 11, 12, and 13 forget the locking operation or cannot lock for some reason.

  The biometric authentication collation unit 303, the device ID collation unit 305, and the timer 311 connected to the electric lock 310 automatically lock the electric lock 310 when the collation is not correct or an abnormality occurs. Prevent accidents.

  In addition, although the electric lock 310 is illustrated in FIG. 2, it is possible to connect the operation panel of the device instead of the electric lock 310 to enable or disable input from the operation panel to ensure security. I do not care.

  When the work is completed, the workers 11, 12 and 13 perform the locking operation from the input unit 306, and at the same time the electric lock 310 is locked, the management center 2 is notified of the work completion via the fourth communication unit 30. The Upon receiving the work completion notification, the management center 2 notifies the locking unit 300 of an instruction to erase all downloaded verification data including biometric authentication data. In response to the instruction, the data erasure unit 312 erases all the verification data temporarily stored in the biometric authentication verification unit 303, the timer 311, and the device ID verification unit 305, and performs no verification on the locking unit 300. Data is not stored.

  Furthermore, FIG. 3 shows an application example of the ATMs 3a, 3b, and 3c to the security management system by the security company 1a as one specific example of the embodiment of the present invention.

  In FIG. 3, the security company 1 a as the key owner company 1 is dispersed in each region, and the management center 2 manages them through the communication network 4. The security company 1a manages and operates the ATMs 3a, 3b, and 3c of each store network 5 distributed in the jurisdiction area as the specific area (specific equipment) 3. The management center 2 is connected to each store network 5 via the communication network 4 and is constructed so that the lock and lock, security, recording (log), and security management of each store network 5 can be integrated.

  The security company 1a is located near the store network 5 where each ATM is installed, and an operator or a security officer processes the operation and work quickly, and at the same time stores and ATMs corresponding to an emergency or emergency. It is important to be able to move by.

  Workers 11, 12, and 13 who operate ATMs and collect money at the security company 1 a register their own unique codes via the first sensor 15 connected to the registration unit 14 in advance. Here, the personal unique code is one of the unlocking conditions for the locks in ATMs 3a, 3b, 3c, and may be an operator's unique code, password, PIN number, etc. It is desirable to construct it as a biometric verification system that uses a part of a living body.

  That is, personal unique features such as human fingerprints, irises, retina patterns, fingers, palms, and veins on the back of the hand are registered for use as key matching conditions. These personal unique codes of the workers are unique only given to the worker himself and the same code cannot be registered.

  Data registered in the personal unique code register 14 is stored in the database 22 of the management center 2 via the communication network 4 by means such as the modem 16.

  The communication network 4 can be achieved by various means such as the Internet, a telephone line, various wireless communications, a wired line, a LAN, and a WAN, but it is necessary to strictly ensure security. For this reason, each communication line is preferably a closed communication data line VPN for which security is ensured.

  The individual codes of the workers collected in the management center 2 are centrally managed by the unique code database 22 in the management center 2. The unique codes of these workers 11, 12 and 13 are managed only by the management center 2, and the security company 1a only registers the unique code data of the workers 11, 12 and 13 and transmits them to the management center 2 for security. The unique code itself does not remain in the company 1a.

  The management center 2 is connected to the lock units 300a, 300b, and 300c in the ATMs 3a, 3b, and 3c included in the store network 5 dispersed in each region so as to be operable via the communication network 4.

  The communication network 4 may be in any communication form like the communication network between the security company 1a and the management center 2 described above, provided that it is a system that ensures security as much as possible.

  In addition, the locking units 300a, 300b, and 300c of the ATMs 3a, 3b, and 3c are unlocked on condition that they match the personal unique codes of the workers 11, 12, and 13 of the security company 1a that have been registered previously. When the system adopts biometric verification, the pattern image showing the fingerprint, iris, retinal pattern, finger, palm, veins of the back of the hand, etc., and the feature points of the digital signal, etc. registered by the operator in advance A system is provided in which an algorithm-processed code, a so-called biometric authentication code, is collated.

  In the present invention, the management center 2 has the authority to set various unlocking conditions of the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c in the specific area via the communication network 4, and The setting of the unlocking condition at the store where it is installed is basically not possible.

  The unlocking conditions set by the management center 2 can be set as centralized management for each individual ATM in a specific area. In addition to the individual unique code conditions of the workers 11, 12, 13, the ATMs 3a, 3b, 3c It is also possible to add a region code condition of a specific area where the location is located, a time condition for enabling unlocking / locking, an ID (identification code) condition of a specific device installed in the store, and an optional condition that can be set each time. This optional condition is a unique code such as a cipher, a password, a PIN number, etc. added at that time, and can be set suddenly in an emergency.

  When collecting money and operating / maintaining operations for each ATM 3a, 3b, 3c in a specific area, setting unlocking conditions from the management center 2 to each store or the locking units 300a, 300b, 300c installed in the ATMs 3a, 3b, 3c Are performed individually.

  For example, when two workers A11 and B12 collect money at ATM-A3a, ATM-B3b, and ATM-C3c, the recovery route and recovery time are in accordance with the schedule of arrival time and operation time. Is set. Conditions such as personal identification code of the unlocking operator (who operates which ATM), emergency password, additional encryption, etc. are set, and each ATM 3a via the communication network 4 as a signal indicating the unlocking condition. 3b and 3c are sent to the locking units 300a, 300b and 300c each time.

  That is, various data for authentication are not always set on the lock side in the specific area, and the ATM 3a, 3b, 3c is locked from the management center 2 each time only when unlocking is required. Data necessary for the units 300a, 300b, and 300c is transmitted via the communication network 4.

  When the workers 11, 12, 13 of the security company 1a go around the ATMs 3a, 3b, 3c according to the schedule, and first enter a password such as the PIN number assigned to the visiting day in the lock unit of the first ATM. Then, PIN number verification and set time frame verification are performed at the management center 2, and when verification is completed, personal authentication data is downloaded to the lock units 300a, 300b, and 300c of the ATM terminal, and personal authentication is performed using the personal authentication data ( Identity verification process).

  Next, an equipment ID (region code such as an identification code or a store code) is input to the locking units 300a, 300b, and 300c to confirm that the device is to be operated and to confirm the order in which the operator circulates and the region. Work (device authentication confirmation process). If optional password is set, confirm the optional password.

  If an incorrect operator operates or an operator other than the set operator tries to operate, the personal identification cannot be confirmed by the authentication of the personal unique code, and unlocking cannot be performed. If the operator makes a mistake in the patrol route or the place is not specified, collation cannot be performed by checking the device ID such as the store code and the area code, and unlocking cannot be performed.

  Furthermore, since the time frame is set on the management center 2 side as the unlocking condition, it cannot be unlocked unless the predetermined time is reached, and operations other than within the time frame are invalid, and identity verification is confirmed by a personal unique code. Even if the operating device, route, location, and authentication confirmation conditions are met, it will not be unlocked.

  This is because the time condition for unlocking is not known except for the management center 2, and it is possible to exclude device operation and unauthorized use other than the set time frame. In addition, when the workers 11, 12, and 13 forget the locking operation or cannot be locked for some reason, the lock is forcibly closed after a predetermined time frame.

  Also, if an accident or unexpected situation that does not match the predetermined schedule set in the above route setting occurs, if an operator other than the principal tries to operate, even the principal himself does not want to unlock it due to threats, etc. Unlocking is disabled as an abnormal operation or unauthorized operation.

  When the personal authentication confirmation process and the device authentication confirmation process are completed and the verification is matched, the lock (or door) of the ATM is unlocked, and the device can be operated by the user. Workers 11, 12, and 13 perform cash collection, replenishment, equipment maintenance and inspection, etc. at ATMs 3a, 3b, and 3c.

  When the work is complete, lock. If the lock is locked, the management center 2 is notified, and various verification data including the individual unique codes of the workers 11, 12, 13 downloaded to the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c are All will be erased.

  In addition to the above means, ATMs 3a, 3b, 3c in each store are equipped with an abnormal situation notification means and emergency contact means in conjunction with an abnormal situation notification button and a numeric keypad so that threats and abnormal situations can be reported. It has become.

  Here, with reference to the block diagram of FIG. 2, the authentication procedure during patrol in the security management system of FIG. 3 will be described again in detail.

  In the description of the authentication procedure during the patrol, the workers 11, 12, and 13 are not limited to the following descriptions, and the workers 11, 12, and 13 mean any one of the three workers 11, 12, and 13 shown in the figure. Not all three are shown. The ATM 3a, 3b, 3c locking units 300a, 300b, 300c mean any one of the ATM 3a, 3b, 3c locking units 300a, 300b, 300c, and the three ATM 3a shown in the figure. Information is not exchanged simultaneously with the locking units 300a, 300b, and 300c of 3b and 3c.

  Once the patrol program is set in the management center 2, the patrol information 25a such as the patrol start time, the worker name, the personal identification number (or PIN number) of the day, and the store (ATM) to be patrol is stored in the security company 1. Be notified. At this time, no personal verification data or key information is transmitted to each store or ATM side.

  Workers 11, 12, and 13 arrive at the store or ATM installation location at a predetermined time, and the PIN number (password) 29a designated on the day is in the locking units 300a, 300b, and 300c of the ATMs 3a, 3b, and 3c. When input to the input unit 306, the PIN number 29a is transmitted to the control system 200 of the management center 2 for inquiry via the fourth communication unit 30. The collation unit 203 of the control system 200 of the management center 2 collates whether or not the received PIN number 29a matches the PIN number of the day set in advance by the schedule construction unit 26. At the same time, the collation unit 203 collates whether the time frame set in advance by the time frame setting unit 27 is met.

  When the PIN number verification and time frame verification are completed and these conditions are satisfied, the device ID (identification) data of ATM 3a, 3b, 3c (or a location code such as a store) and registered workers 11, 12, 13 An authentication information group 29b such as authentication personal unique data (hereinafter referred to as “unlocking condition data”) is sent from the third communication unit 28 via the communication network 4 to the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c. Sent to.

  In the unlocking condition data sent to the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c, time frame data for measuring the unlocking time is also transmitted simultaneously, and the locking units 300a of the ATMs 3a, 3b, 3c, It is also possible to manage time frames on the 300b and 300c sides. When this time frame data is not sent to the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c, the unlocking time frame can be measured on the management center 2 side, and the time frame setting can be managed.

  On the side of the locking units 300a, 300b, and 300c of the ATMs 3a, 3b, and 3c, the signal received by the fourth communication unit 30 is decoded by the decoder unit 301 and the biometric authentication of the worker is performed from the signal sent by the biometric code extraction unit 302. Extract a personal code. The extracted biometric authentication code is sent to the biometric verification unit 303.

  On the other hand, the device ID (or store area) data and time frame data of the ATMs 3a, 3b, and 3c are sent to the device / time data extraction unit 304, and the time data and device data are extracted. The extracted time data is sent to the timer unit 307 to start counting the time frame, and the further extracted device ID (or region) data is sent to the device ID verification unit 305.

  The workers 11, 12, and 13 input the device ID (or store number) from the numeric keypad input unit 306. The input location code is downloaded from the management center to the terminal controller, decoded by the decoder unit 301, and verified by the device ID verification unit 305 against the device ID data extracted by the device / time data extraction unit 304.

  Also, the timer 309 is activated based on the time data sent from the management center, the time from unlocking is measured, and the operation time frame of the workers 11, 12, 13 is set. However, the operation time required for the predetermined operation of the workers 11, 12, and 13 trained in security is set for each work unit, and the work procedure and work time required on the day are determined by the management center 2 and set in more detail. It is also possible. This time frame is the time when the store door or ATM device can be operated.

  Furthermore, the workers 11, 12, and 13 read the living bodies of the workers 11, 12, and 13 using the biological sensor 307 and input the signals to the reading unit 308. The input biometric data is subjected to processing similar to the signal processing at the time of previous registration. That is, information (image data such as fingerprints, irises, hand veins, etc.) captured by the data processing unit 309 is subjected to feature point processing, filtering, etc., algorithm processed, converted into a digital signal, and encoded as a signal. The data is output and sent to the biometric authentication verification unit 303.

  The biometric authentication verification unit 303 verifies the biometric authentication code registered in the management center 2 and confirms whether the workers 11, 12, and 13 are the principals.

  Through these series of confirmation / collation operations, the device ID code (or the regional code of the store, etc.), time frame conditions, and personal authentication through biometric authentication are all collated and the electric lock 310 is unlocked. Of course, if any of the verifications cannot be made, the electric lock is not unlocked.

  When the work is completed and the workers 11, 12, and 13 perform a locking operation from the input unit 306, the electric lock 310 is locked and simultaneously notified to the management center via the network transmission / reception unit 30. An instruction to erase all downloaded verification data including biometric data is notified from the management center, and no verification data is stored in the terminal.

  FIG. 5 is a diagram showing processing between the security company 1a, the management center 2, and the store ATMs 3a, 3b, and 3c in the above-described embodiment.

  Workers 11, 12, and 13 perform biometric authentication registration (back of hand, fingerprint, etc.) at registration unit 14 in security company 1 a, and the unique code is transmitted to management center 2 by registration unit 14, and unique code is obtained by control unit 200. It is registered in the database 22 (S401).

  In the control unit 200 of the management center 2, the biometric authentication data of the workers 11, 12, and 13 and the worker schedule are stored in the unique code database 22 and the schedule management DB 25 for centralized management. Then, the worker schedule (travel date, worker name, visit destination, etc.) corresponding to the received unique code is notified to the security company 1a (S402).

  In this step, the workers 11, 12, and 13 are simultaneously notified of the PIN number of the tour day.

  Workers 11, 12, and 13 start patrol to designated first ATMs 3a, 3b, and 3c (S403). The workers 11, 12, and 13 first input the PIN numbers designated on the day at the ATMs 3a, 3b, and 3c. The input data is notified to the management center 2 (S404). The management center 2 verifies the notified PIN number (S405). When the PIN verification is performed, a notification that the verification has been performed is sent to the ATMs 3a, 3b, and 3c (S406). If the PIN verification cannot be performed, the operation ends as non-verification (S407).

  When the PIN number verification is completed, the management center 2 verifies the time condition as to whether or not it is within a preset time frame (S408). If the time condition is met, biometric authentication data and device ID data are sent to the ATMs 3a, 3b, 3c at this point (S409). If the time condition is not met, the operation is terminated at that point as time frame mismatch (S410).

  When PIN number verification and time verification are executed and the result is OK, biometric authentication data and device ID data (or location data such as a store code) are transmitted to the store ATM side. In this case, the biometric authentication data is essential for collation of the operator himself, but the device ID data is transmitted as additional collation.

  The workers 11, 12, and 13 that have received the PIN verification notification input the store area or device ID (identification) number, and perform device ID verification (S411). When the store ID or the device ID collation does not match, the operation ends as a device mismatch (S412). When the device is verified, the process proceeds to identity authentication.

  At the same time as the biometric authentication data is transmitted to the store ATM side, measurement by a timer is started and the biometric authentication is requested to be completed within the time frame set in the management center (S421). This is to increase the security by limiting the use time of the downloaded biometric data as much as possible.

  The personal authentication is performed by biometric verification of the workers 11, 12, 13 themselves (S413). If the biometric verification is not verified, the person is not verified, and the fact is notified to the management center 2 (S414). If it is verified that the operator is the person himself / herself by biometric authentication, the locks of the ATMs 3a, 3b, 3c are unlocked (S415), and the unlocking notification is also sent to the management center 2 (S416).

  By unlocking, cash collection, replenishment, and confirmation are performed at the ATMs 3a, 3b, and 3c (S417). When the operation is completed, the lock is closed (S418). A lock notification is sent to the management center 2 due to the lock (S419).

  When the management center 2 receives the lock notification, it instructs the lock units 300a, 300b, 300c of the ATMs 3a, 3b, 3c to delete the biometric authentication data and the device ID data, and the authentication data downloaded to the ATMs 3a, 3b, 3c. Is deleted (S420). When the work in the ATMs 3a, 3b, and 3c is completed, the ATMs 3a, 3b, and 3c in the next patrol place are set in a work preparation state.

  Next, an example of a worker registration selection and schedule management process in the present invention in consideration of security will be described with reference to FIG. This schedule management is mainly constructed by the schedule construction unit 26 of the control unit 200 of the management center 2 in FIG.

  In the patrol or money collection of the workers 11, 12, and 13, the management center 2 randomly selects a collection route from the plurality of store information 500. Therefore, these collection routes are different each time, and artificial factors such as route predictability and collection convenience are excluded (recovery route random creation process 501).

  Further, as schedules for the workers 11, 12, and 13, registrants who can operate on the collection schedule are selected from the collection schedule table 502 and the registrant operation schedule 503 for the workers 11, 12, and 13 that have been biometrically registered (registered) Selection process 504). A PIN number for the day is randomly assigned to the registrant (PIN number assignment process 505).

  The process 507 for selecting a registrant who can operate on the day of the collection is completed by combining the randomly created collection route and the collection worker randomly assigned with a PIN number (registrant random selection process 506 for the collection route). To do.

  According to this process, the patrol / recovery route of each store is randomly created from time to time, the PIN code assigned to the worker is also randomly selected, and the registrant randomly assigned to the recovery route is randomly selected. Therefore, it becomes a work process with higher security.

  In FIG. 7, the time frame conditions according to the present invention will be described together with various verification processes.

  First, on the side of the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c, the workers 11, 12, 13 input the PIN number, and execute the PIN number verification with the management center 2 via the communication network 4 (PIN number). Input process 600).

  The PIN number is not always held in the locking unit 300a, 300b, 300c, but is sent from the management center 2 each time the worker 11, 12, 13 enters the PIN number. It is authenticated by checking with the code.

  In addition, as described above, this PIN number is randomly assigned according to the day and every time it is visited, and is associated with a randomly set circulation / recovery route. It indicates that you are on the correct patrol route.

  Accordingly, in the PIN number verification 601, the workers 11, 12, and 13 can collate whether the workers 11, 12, and 13 are accessing through a predetermined route instructed from the management center 2.

  Furthermore, since the PIN number is issued every specific day or every round, it is possible to collate the date and time. If the date and time are different, access will not be possible, and access with incorrect date and time will be excluded (for specific date and time). PIN number verification 602).

  When the collation is completed, a biometric authentication unique code for personal authentication is sent from the management center 2 to the locking units 300a, 300b, 300c of the target ATMs 3a, 3b, 3c (authentication data transmission 603 to the target device).

  At the same time as sending the biometric authentication data, the timer works to set the time frame set in the management center 2 (the biometric authentication collation time for the worker). This time frame is a time zone in which the worker can execute biometric authentication, and can also be used to limit the work time zone.

  If the verification is not completed within the predetermined biometric authentication time frame, there may be a situation where biometric authentication is not successful due to a malfunction of the biometric authentication device, a situation where someone else is working, etc. If an alarm is issued and appropriate measures are not taken thereafter, the biometric data is deleted.

  When the authentication of the person is completed (authentication success process 604), an unlock signal is sent, and the electric lock 310 is unlocked (unlock signal receiving process 605). When the work is completed and locked, a signal indicating the end of the work is sent to the management center 2, and the lock units 300a, 300b, and 300c of the ATMs 3a, 3b, and 3c receive an end signal (end signal reception 607).

  When the end signal is received, all authentication / verification data stored in the locking units 300a, 300b, 300c of the ATMs 3a, 3b, 3c are all deleted and reset to the state before the collection work (data deletion process 608). . The work end at this point needs to be within the time frame set in the management center 2. If the time frame is exceeded, it is determined that an abnormal situation has occurred, and the locks of the ATMs 3a, 3b, and 3c are closed.

  When the work is completed and the electric key 310 is closed, the management center 2 sets an instruction to the next store or ATM according to a preset collection route (the target device is set to the next device 609). The equipment to be transferred shifts to a standby state.

  Next, referring to FIG. 8, the access permission or non-permission state associated with the setting of the tour / recovery route is described.

  As described with reference to FIG. 6, the collection routes of a plurality of stores are randomly selected each time. For example, it is assumed that the current tour / collection route is selected as store B → A → C. In the state of FIG. 8 (1), the workers 11, 12, and 13 are supposed to start work from the store B first, and when collation is performed, the store B is permitted to access. However, the store A and the store C are not allowed to access (state shown in FIG. 8 (1)).

  When the operation of the store B is completed, the access to the store B is not permitted from the management center 2, and the access permission is given to the store A scheduled for the next operation. Here, access permission means a state in which an operator can input a PIN number, and does not mean unlocking or verification of a key. In store C, access is not permitted (state shown in FIG. 8 (2)). Therefore, if the operator tries to access the store C from the store B by mistake in the patrol / recovery route, the store C cannot be accessed because it is different from the route programmed by the management center 2.

  Similarly, when the operation of the store A is completed, the store A (similar to the store B) becomes inaccessible, and access to the next scheduled work store C is permitted (state shown in FIG. 8 (3)).

  As described above, if the patrol / recovery route set in the management center 2 is incorrect, access to the ATM at each store becomes impossible, and it becomes possible to deal with abnormal situations and prevent mistakes in the patrol / recovery route. In addition, since the patrol / recovery route is also centrally managed by the management center, it is possible to change or cancel the patrol / recovery route in the event of an emergency or abnormality, or in some cases not to set a route. is there.

  In the present invention, it is emphasized that entering / exiting a specific area and starting / ending an operation of a specific device or a specific system are handled in the same way as the access start / end of the person.

  In this embodiment, an ATM money collection management system has been described as an example of an application to a biometric authentication system that can ensure the most security as a key. However, any unique code key that can maintain high security can be used. It can be applied to the entrance / exit security management system or the door / device unlocking / closing security management system within the scope of the purpose.

  Further, in the above description, it has been described as an entry / exit key or a door / door management system, but the present invention is a device that should ensure security or a device or system operation that cannot be operated by an authorized person, A similar effect can be expected by installing the key and management system according to the present invention.

  Further, the configurations and arrangements shown in the drawings for explaining the embodiments of the present invention are merely examples, and are not limited to realizing the functions of the present invention. Therefore, the present invention includes combinations of various possible arrangements as long as the functions of the present invention can be realized.

<Embodiment 2>
The second embodiment will be described more specifically than the first embodiment. FIG. 9 is a specific configuration diagram of the security management system according to the second embodiment.

  FIG. 9 includes a computer system 1 of a security company and a computer system 2 of a management center (collectively referred to as a biometric registration computer system).

  A communication network includes a locking unit 300 for unlocking or locking the ATM 5 in the store, a personal computer 8 on the store side, a mobile phone 9 for the store staff, and a mobile phone 18 for the unlocking operator of the security company. This is a system connected by 4 (cell phone network, dedicated line, etc.).

(Computer system of security company 1: hereinafter referred to as security company 1)
As shown in FIG. 9, the registration unit 14 of the security company 1 outputs the numerical value number of the unlocking operator (hereinafter referred to as the operator) of the security company and the code of the vein on the back of the hand (collectively referred to as the worker biometric code Bi). ), A mobile phone 18 carried by the worker, an administrator terminal 19 of the security company, a personal computer (not shown) for the worker, and the like.

  Then, as shown in FIG. 9, the registration unit 14 of the security company 1 captures the worker biometric code Bi from the first sensor 15 and stores it in the database 147 (reading in the first embodiment). A database 148 for storing store information Hi and a database 149 for storing worker information Fi.

  Further, it includes transmission means 150 for transmitting worker security information Di, store information Hi, etc., which is a combination of the contents of each database, to the computer system 2 (hereinafter referred to as management center 2) of the management center. Each of the aforementioned databases will be described later.

(Management center configuration)
As shown in FIG. 9, the management center 2 has a database 22a for storing worker security information Di (corresponding to the biometric data attached information of the first embodiment), a database 22b for storing store information Hi, and the like. . These exist in the unique code database 22.

Moreover, the database 25 etc. which memorize | store the worker schedule information Ki mentioned later are provided.
This database corresponds to the schedule management DB 25 .

  Furthermore, it includes work schedule construction means 231, actual unlocking time determination means 235, biometric information transmission means 236, worker information transmission means 234, and the like.

  The schedule construction means 231 determines the unlocking permission time zone hci () of the store from the unlocking permission time zone hci of the store information Hi and the worker's work permission time zone Ci for the workable shop of the worker security information Di. A temporary collection date and time zone kai that satisfies the key usage time frame and is available to the operator is generated. This is stored in the database 25 as a worker schedule Ki. This worker schedule Ki is generated for each store.

  The worker information transmission means 234 mails the worker schedule Ki and the worker characteristic information Qi of the worker information Fi to the personal computer 8 of the store and the mobile phone 9 of the person in charge of the store (hereinafter collectively referred to as a store side terminal). Send with.

  When the actual unlocking time determination means 235 receives unlocking request information (worker PIN code abi, worker code aai, ATM number hbi etc. input from the keyboard of the second sensor) from the store side, When the current time Ti of the timer 29 is included in one of the time zones of the worker schedule Ki, the biometric information transmitting means 236 uses the worker code / biological information BBi (first biometric / password code information) to be described later. BBi), an in-time work determination permission signal for permitting opening and closing of the ATM 5 is transmitted to the lock unit 300 on the store side.

(Store side)
As shown in FIG. 9, the store-side locking unit 300 recognizes and encodes the input number of the worker who performs the unlocking operation on the store side and the veins on the back of the hand (collectively referred to as the biometric code mi of the store-side worker). The second sensor for output and the ATM 5 on the store side are connected.

  The locking unit 300 includes a data processing unit 320, a PIN code reading unit 321, an extraction unit 323, a verification unit 324, an unlocking signal transmission unit 330, an open / close determination unit 329, an operation time determination unit 331, and the like. It has.

  Furthermore, a first timer 327, a second timer 328, and a database 325 in which worker codes / biological information BBi from the management center 2 are stored are provided.

  The data processing means 320 performs predetermined processing on the biometric code mi and the unique code (such as the operator's PIN code and ATM number) from the second sensor 307 (with a keyboard).

  The extraction unit 323 separates and extracts the biometric code mi and the unique code from the second sensor 307, and sends this to the verification unit.

  The PIN code reading means 321 transmits to the management center 2 as unlock request information in which an ATM number or the like is added to the unique code from the second sensor.

  When the work time determination means 331 determines that the work is permitted, the collating means 324 receives the unlock request information from the second sensor 307 and the biometric code mi (collectively, the second biometric / password code information or the shop side work). The operator input code / biological information) and the worker code / biological information BBi from the management center 2 stored in the database 325 match, and the determination result is transmitted to the unlocking signal transmitting means 330. To do.

  The unlocking signal transmitting unit 330 transmits an unlocking permission signal to the ATM 5 when the determination result of the collating unit 324 is determined to match.

  The work time determination means 331 activates the first timer 327 and checks the verification means 324 when receiving the in-time work determination permission signal from the management center 2 and when the worker code / biological information BBi is stored in the database 325. Start. The first timer 327 measures a certain time (for example, 10 minutes, 15 minutes, and 20 minutes).

The open / close determining means 329 determines whether or not the door of the ATM 5 is opened within a predetermined time Pi measured by the first timer 327 when the unlock signal transmitting means 330 transmits an unlock permission signal to the ATM 5, and the predetermined time Pi. When the door does not open inside, security signal 1 and management center 2
In addition, it is transmitted to the terminal device of the store.

  The open / close determination means 329 activates the second timer 328 when it is determined that the ATM 5 has opened the door, and when the door is not closed within the specified time tm (Pi> tm), the security company 1 and the management center 2 and inform the terminal device of the store of the abnormality.

(Database configuration)
FIG. 10 is an explanatory diagram for explaining the store information Hi and the worker schedule Ki. The store information Hi stored in the database 148 of the security company 1 and the database 22b of the management center 2 includes a store code hai (ha1, ha2,...) And an ATM number hbi (hb1, hb2,. .), Unlocking permission date / time zone hci ((hc1, hc2...), Store side PIN code hdi ((hd1, hd2...) And the like.

  Further, as shown in FIG. 10B, the worker code / biological information BBi stored in the database 147 of the security company 1 includes a worker code aai and a PIN code abi which is a number such as a worker's personal identification code. (Hereinafter referred to as the operator's PIN code), the biometric code aci of the worker, the input date, the time, the input terminal number ahi of the first sensor, the company code aji, and the like.

  These worker biometric codes Bi (Ba1, Ba2,...) Are preferably input, for example, every week from the viewpoint of security. In the worker information Fi, the photograph data bai, gender, height, weight, martial art type, and portable terminal address are referred to as worker characteristic information Qi.

  As shown in FIG. 10C, the worker information Fi includes the date, time, and date of the worker code aai, the photograph data bai of the worker, the gender, the height, the weight, the martial arts type, and the workable date and time zone Ci. And company code and the mobile terminal address (email address, telephone number) of the worker.

  The photograph data bai of the worker information Fi (Fa, Fb...) May be once a week, once a month or every day.

  As shown in FIG. 10D, the worker security information Di is composed of worker code / biological information BBi, worker information Fi, and the like.

  FIG. 11 is an explanatory diagram for explaining the store information Hi and the worker schedule Ki of the management center 2.

  The store information Hi is the same as that shown in FIG. 10A and is transmitted from the security company 1 and stored in the database 22b.

  The worker schedule Ki includes a store code hai, an ATM number hbi, a worker code aai, a collection date and time Lai, worker characteristic information Qi, and the like.

  The collection date / time Lai may be one or more when the unlocking permission date / time hci from the store side is satisfied.

  Two types of collection date and time zones in FIG. 11B are created. Store code ha1 stores, for example, 13:20 to 35 minutes on April 10 and 15:35 to 50 minutes on April 10 as the collection date and time, and the worker opens at any date and time. Indicates going to the lock.

(Overall operation description)
The operation of the security management system configured as described above will be described below. 12, 13 and 14 are sequence diagrams for explaining the operation of the security management system according to the second embodiment.

  The worker of the security company 1 operates the keyboard of the first sensor 15 to input the worker code aai, the worker PIN code abi, and the like, and causes the first sensor 15 to photograph the veins on the back of the hand.

  The first sensor 15 generates a biological code aci for the vein on the back of the hand and transmits it to the registration unit 14 (d1).

  The data processing means 146 of the registration unit 14 of the security company 1 includes the worker code aai and the worker PIN code abi input to the biometric code aci, the input date and time, the input terminal number, the company code, and the like. Are stored in the database 147 as worker code / biological information BBi (d2).

  As shown in FIG. 11, the worker schedule Ki includes a store code hai, an ATM number hbi, a worker code aai, a collection date and time Lai, worker characteristic information Qi, and the like.

  As shown in FIG. 10B, the worker code / biological information BBi includes the worker code aai, the worker PIN code, the worker's biological code aci, the input date, time, and the first sensor. It consists of an input terminal number ahi and company code aji.

  Further, the worker inputs the worker information Fi by operating the mobile phone 18 or the personal computer (not shown) with the camera of the worker. This worker information Fi is stored in the database 149 by the CPU (not shown) of the registration unit 14 (d3).

  As shown in FIG. 10C, the worker information Fi includes the worker code aai, the date, time, worker's photo data bai, gender, height, weight, martial arts type, possible date and time Ci And company code and the mobile terminal address (email address, telephone number) of the worker.

  The transmission unit 150 of the registration unit 14 transmits the worker code / biological information BBi in the database 147 and the worker information Fi in the database 149 to the management center 2 as worker security information Di, and stores the store information Hi in the database 148. It transmits to the management center 2 (d4).

  The workable time and photo data of the worker information Fi described above are input for each worker by the worker's mobile phone 18 (with a camera) or the worker's personal computer.

  Then, the manager operates the manager terminal 19 to determine a corresponding store in consideration of the workable time of each worker, the position of the worker, and the like, and uses this as worker information Fi.

The work schedule construction means 231 of the management center 2 stores the store information H in the database 22b.
The unlocking date / time zone hci of i and the workable date / time zone Ci of the worker security information Di are read (d5, d6), and an operator schedule Ki for going to the store side is generated (d7) .

  This schedule Ki is generated as follows.

  The schedule construction means 231 reads the store information Hi in the database 22b by designating the store code, and the worker security information Di having the person-in-charge code aai who can work within the store-side unlocking permission time zone hci of this store information Hi. Are extracted from the database 22a.

  Then, when the unlocking permission date / time zone hci of the store code ha1 in FIG. 11 (a) is “13: 00-14: 00” and the worker's workable date / time zone Ci is “11: 00-18: 00” (monthly) For example, “13:20 to 13:35” and “13:35 to 13:50” are set as the collection date and time Lai. Since a plurality of collection date / time zones are generated, the worker can go to the store in the next time zone if it is not in time for the first time.

  Then, the worker schedule Ki in which the store code hai, the ATM number hbi, and the worker code aai are added to the collection date and time Lai is stored in the database 25 (d8).

  The management center 2 transmits the worker schedule Ki to the security company 1 (d10).

  The security company 1 informs the person in charge of the collection date and time from the management center 2 (for example, to a mobile phone).

  Next, when the collection date / time Lai is reached, the worker of the security company 1 heads for the store and operates the keyboard of the second sensor 307 connected to the locking unit 3 so that the worker code aai and the worker PIN are entered. A unique code such as code abi is input, and the veins on the back of the hand are photographed by the second sensor 307 (d20, d21).

  The second sensor 307 generates a bio-code aci for the back of the hand, transmits it to the locking unit 300, and temporarily stores it in a memory (not shown) (d22).

  The PIN code reading means 321 of the locking unit 300 combines the worker code aai inputted from the keyboard, the worker PIN code abi, the inputted date, ATM number, shop code, etc., and this is used for unlocking request information. To the management center 2 (d23).

  When the actual unlocking time determination means 235 of the management center 2 receives the unlocking request information from the locking unit 300 on the store side, the worker schedule Ki having the store code and ATM number included in this unlocking request signal is displayed. Assign from database 25. Then, the actual collection date / time zone Lai of this worker schedule Ki is read to check whether the current time of the timer 29 is within the time of the collection date / time zone Lai (d24).

  In this collation, since there are two collection date / time zones Lai, it is determined whether or not they are included in any of the date / time zones. The actual unlocking time determination means 235 transmits this determination result to the management terminal and the store terminal of the security company 1 (d25, d26, d27).

  Specifically, when it is determined that the collation result is included in any time zone, the unlocking permission information (including worker code, store number, ATM number, etc.) is sent to the security company 1 management terminal and Send to store terminal. When it is determined that the collation result is not included in any of the date and time zones, the unlocking permission information (including worker code, store number, ATM number, etc.) is sent to the management terminal and store terminal of the security company 1 Send.

  When the unlocking time determination means 235 of the management center 2 determines that the collation result is included in any of the date and time zones, an in-time work determination permission signal indicating work permission is transmitted to the lock unit 300 on the store side. At the same time, the biological information transmitting means 236 transmits the worker code / biological information BBi (biological code aci, worker PIN code abi, etc.) having the worker code aai received from the locking unit 300 to the locking unit 300 (d28). .

  This worker code / biological information BBi is stored in the database 325 of the lock unit 300 on the store side.

  Next, when the work time determination means 331 of the locking unit 300 receives the in-time work determination permission signal from the management center 2, the work time determination means 331 activates the first timer 322 and activates the collation means 324 (d29). The first timer 322 measures Pi for a certain time (d30).

  The collating unit 324 collates whether or not the worker input code / biological information from the second sensor 307 matches the worker code / biological information BBi from the management center 2 stored in the database 325 (d31). ), And outputs the collation result to the unlock signal transmitting means 327 (d34).

  The unlock signal transmission means 327 sends an unlock permission signal to the ATM 5 when the collation results match.

The open / close determining means 329 determines whether or not the door has been opened within a predetermined time Pi of the first timer 327 (d35).

In addition, when the opening / closing determination means 329 determines that the door cannot be opened within a predetermined time Pi,
The worker code / biological information BBi in the database 325 is deleted (d37), and an abnormal signal is transmitted to the store terminal, the management center 2, and the security company management terminal (d38, d39, d40).

  When the open / close determining means 329 determines that the door has been opened within the predetermined time Pi, the worker code / biological information BBi in the database 325 is immediately deleted (d42).

  Then, the second timer 328 is activated to measure the specified time tm (d43), and it is determined whether or not the door closing signal is transmitted from the ATM 5 within the specified time tm (d44).

  When the door closing signal is not received within the specified time tm, an abnormal signal is transmitted to the store terminal, the management center, and the security company management terminal (d46, d47, d48, d49).

  Next, the operation of the management center 3 will be described in more detail using the flowchart of FIG. The management center 3 performs initial settings such as fetching worker security information Di, store information Hi, and the like into the memory (S1501).

  Next, the worker code aai of the worker security information Di of the first record of the plurality of worker security information Di and the ATM number hbi of the store information of the first record of the plurality of store information Hi are set (S1502). .

  Next, the workable date / time zone Ci linked to the worker code aai is compared with the unlocking time / date zone hci of the store information Hi (S1503), and the worker aai works within the unlocking time / date zone hci. Whether or not is possible is determined (S1504).

  If it is determined in step S1504 that the worker aai cannot work within the unlocking permitted date and time zone hci, the next store information Hi is updated and the process returns to step S1502, and the ATM of the next store information Hi is set. The operator who can perform the unlocking operation is searched (S1505).

  In step S1504, when it is determined that the worker aai can work within the unlocking permitted date and time zone hci, the worker linked to the store information Hi and the worker code aai of the store where the work can be performed. The characteristic information Qi is read out and linked to the worker code aai (S1506). Then, the collection date and time Lai is obtained from the linked store information Hi (S1507).

  In the collection date and time Lai, the store code hi of the store information Hi, the ATM number hbi, the worker code of the extracted worker security information Di, and the worker feature information Qi are combined and stored in the database 25 as a schedule Ki ( S1508). Next, the schedule Ki is transmitted to the security company 1 (S1509).

  Next, the operation of the actual unlocking time determination means 235 will be described below using the flowchart of FIG.

  The actual unlocking time determination means 235 monitors whether or not the unlocking request information has been received from the store side (S1601).

  If it is determined in step S1601 that the unlock request information has been received, an operator schedule Ki having the store code and ATM number included in the unlock request information is assigned from the database 25. Then, the collection date and time Lai of this worker schedule Ki is read (S1602), the current time Ti of the timer 29 is read, and it is determined whether or not this current time is within the time of the collection date and time Lai (S1604).

  In this determination, since there are two actual collection date / time zones Lai, it is determined whether or not they are included in any of the date / time zones. When it is determined that it is included in any of the date and time zones, an in-time work determination permission signal (including worker code, store number, ATM number, etc.) is transmitted to the management company's management terminal and store terminal ( S1605).

  Further, when it is determined that the collation result is not included in any of the date and time zones, non-permission information (including worker code, store number, ATM number, etc.) is sent to the management terminal and store terminal of the security company 1 It transmits (S1606).

  Next, operation | movement of the locking unit 300 is demonstrated below using the flowchart of FIG.

  The worker of the security company 1 operates the keyboard of the second sensor 307 connected to the locking unit 300 and inputs the worker code aai, the worker PIN code abi, etc. The second sensor 307 takes a picture.

  The second sensor 307 generates a biological code aci for the back of the hand and transmits it to the locking unit 300.

  The PIN code reading means 321 of the locking unit 300 monitors whether a unique code such as a worker PIN code or worker code aai is input from the keyboard (S1701).

  In step S1701, if a unique code is input from the keyboard, the PIN code input means 321 displays unlock request information (the date, time Pi and ATM number when the worker code aai and the worker PIN code abi are input). (Including a store code) is transmitted to the management center 2 (S1702).

  On the other hand, the actual unlocking time determination means 235 of the management center 2 determines that the in-time work determination permission signal and the worker code biometric information BBi are present if the reception time of the unlock request information is within the collection date / time Lai of the worker schedule Ki. Is transmitted to the locking unit 300.

  The work time determination means 331 on the store side monitors the database 325 as to whether or not the in-time work determination permission signal and the worker code / biological information BBi are received from the management center 3 (S1703).

  In step S1703, when the work time determination means 331 determines that the in-hour work determination permission signal and the worker code / biological information BBi are input, the first timer 327 is activated to measure the predetermined time Pi and the collation is performed. The means 324 is activated (S1704).

  The collating unit 324 determines whether or not the worker code / biological information from the second sensor 307 matches the worker code / biological information BBi from the management center 2 (S1705).

  If it is determined in step S1705 that they match, the unlocking signal transmitting means stage 329 sends an unlocking permission signal to the ATM 5 (S1706), and the worker code / biological from the management center 3 stored in the database 325 is stored. The information BBi is deleted (S1707).

  On the other hand, if it is determined that there is a mismatch, an abnormal signal is transmitted (S1708), the process returns to step S1707, and the worker code / biological information BBi is deleted. .

  Next, the operation of the open / close determination means 329 will be described below using the flowchart of FIG. The open / close determining means 329 activates the first timer 327 when the unlocking permission signal is output (S1801).

Next, it is determined whether the door with whether a door open signal is outputted from ATM5 has either been opened (S1802). If the door open signal is not output in step S1802, it is determined whether the first timer 327 has measured Pi for a certain period of time (S1803).

  If it is determined in step S1803 that the door has not been opened and Pi has been measured for a certain period of time, the open / close determination means 329 sends an abnormality signal (store code, ATM number) to the store terminal and management center 2 and the security company management terminal. (S1804), the biometric information BBi from the management center 3 in the database 325 is deleted (S1805).

Further, in step S1802, when it is determined that the door is opened, with informing the door open (S1806), it activates the second timer 328 (S1807).

  And it is determined whether the door of ATM5 was closed (S1808). If it is determined in step S1808 that the door has been opened, it is determined whether the specified time tm has elapsed (S1809).

  If it is determined in step S1809 that the door cannot be closed even after the specified time tm has elapsed after the door is opened, an abnormal signal is transmitted to the store terminal, the management center, and the security company management terminal (S1810). BBi is deleted (S1811).

  In the above embodiment, the ATM number and the store number are input from the second sensor. However, if there is another input terminal, the input terminal may be used.

<Embodiment 3>
FIG. 19 is a schematic configuration diagram of the third embodiment. In FIG. 19, the description of the same parts as those in FIG. 9 is omitted.

  In the third embodiment, the store information in the database 22b includes, as shown in FIG. 20, an unlocking time vai in addition to the store code hai, the ATM number hbi, the unlocking permitted date and time hci, and the store side PIN code hdi. And the locking time Vbi. In the present embodiment, this is referred to as store information Hip.

  Further, as shown in FIG. 19, the management center 2 includes an opening / closing lock time transmission unit 238, and the locking unit 300 includes a work time determination / setting unit 335.

When the opening / closing lock time transmitting means 238 is transmitted from the store side from the unlock request information, the store information Hip having the store number and ATM number of the unlock request information is searched from the database 22b, and the store information Hip of the searched store information Hip The unlocking time Vai and the unlocking time Vbi are read. Then, the store code and ATM number of the searched store information Hip are added and transmitted to the lock unit 300 of the store.

  The store side work time determination / setting means 335 receives the unlocking time Vai and the unlocking time Vbi from the management center 2, sets the unlocking time Vai to the first timer 327, and sets the unlocking time Vai to the second time. Set to timer 328.

  That is, the management center 2 can change the unlocking and opening / closing times according to the ATM status of the store.

It is a schematic block diagram of the security management system of this invention. It is a block diagram of the security management system of FIG. It is a block diagram of the security management system of the application example of this invention. It is a data block diagram of a specific code database and a schedule management database. It is a sequence chart which shows the process sequence in the security management system of the application example of this invention. It is a flowchart relevant to the worker selection and collection route in the security management system of the application example of the present invention. It is a flowchart which shows the process of the time frame condition and collation condition of the security management system of the application example of this invention. It is explanatory drawing which shows the work condition in the some store by the security management system of the application example of this invention. FIG. 6 is a schematic configuration diagram of a security management system according to a second embodiment. It is explanatory drawing explaining various information. It is explanatory drawing explaining various information. FIG. 10 is a sequence diagram for explaining the second embodiment. FIG. 10 is a sequence diagram for explaining the second embodiment. FIG. 10 is a sequence diagram for explaining the second embodiment. 10 is a flowchart for explaining the operation of the management center 3 according to the second embodiment. 10 is a flowchart for explaining the operation of actual unlocking time determination means 235 according to the second embodiment. It is a flowchart explaining operation | movement of the locking unit 300 of Embodiment 2. FIG. 10 is a flowchart for explaining the operation of an open / close determination unit 329 according to the second embodiment. FIG. 10 is a schematic configuration diagram of a security management system according to a third embodiment. 10 is an explanatory diagram for explaining store information according to Embodiment 3. FIG.

Explanation of symbols

1 Key owner company 1a Security company 2 Management center 3 Specific area (specific equipment)
3a, 3b, 3c ATM
4 communication network 5 store network 11, 12, 13 worker 14 registration unit 15 first sensor 16 first communication unit 20 biometric authentication data attached information 22 unique code database 23 second communication unit 24 decoder unit 25 schedule management database 26 schedule construction unit 27 time frame setting unit 28 third communication unit 29a PIN number 29b authentication information group 30 fourth communication unit 151 reading unit 152 data processing unit 153 coding unit 154 biometric authentication data 155 encryption unit 200 control unit 201 CPU
202 Input operation unit 203 Verification unit 204 Recording / logging unit 205 Control unit 300 Locking units 300a, 300b, 300c Locking unit 301 Decoder unit 302 Biometric code extraction unit 303 Biometric verification unit 304 Device ID / time data extraction unit 305 Device ID Verification unit 306 Input unit 307 Second sensor 308 Reading unit 309 Data processing unit 310 Electric lock 311 Timer 312 Data erasing unit

Claims (9)

A security management system in which a computer system of a security company, a computer system of a management center, a store ATM, and a terminal device on the store side are connected via a communication network,
The computer system of the security company includes a first sensor, a terminal device of the security company, and a registration unit.
The first sensor is
Means for detecting biometric information of workers of the security company traveling around the store ATM and transmitting it to the registration unit;
Means for reading a worker's unique code for identifying the inputted worker and transmitting it to the registration unit;
With
The registration unit
A first database in which worker identification / biological information is stored;
A second database storing store information including a store code of the store, an ATM number constituting the store ATM in the store, and an unlocking date and time zone of the ATM of the store;
A third database storing worker information including the worker's unique code and the worker's workable date and time;
In addition,
Means for combining the worker's biometric information from the first sensor and the worker's unique code, and storing this in the first database as the worker identification / biological information;
The worker identification / biological information of the first database and the worker information of the third database are transmitted as worker security information of the worker to the computer system of the management center and the store information is transmitted. Sending means to
With
The computer system of the management center is
A fourth database in which the worker security information and the store information are stored;
A fifth database storing work schedule information of the workers;
A management center timer that outputs the current time Ti;
In addition,
Means for receiving the operator security information and the store information from the computer system of the security company and storing it in the fourth database;
The store information is read from the fourth database, and the worker security information having the workable date and time zone including the unlocking date and time zone of the store included in the store information is extracted and extracted. A specific period within the workable date and time zone of the worker in the worker security information is defined as a collection date and time period, and the worker's unique code included in the extracted worker security information for the collection date and time period and Means for adding a store code and the ATM number included in the store information of the fourth database, and storing this in the fifth database as a work schedule of the worker;
When the unlock schedule request information from the store ATM is received and the worker schedule having the collection date and time including the current time of the timer of the management center exists in the fifth database, the ATM number Means for transmitting an in-time work determination permission signal to permit the unlocking of the electric lock to the store ATM of the store;
When the unlocking is permitted, the worker identification / biological information in the worker security information having the worker's unique code, ATM number and shop code included in the unlocking request information Means for reading from the database of 4 and transmitting and storing it in the store ATM of the store;
With
The store ATM is
An ATM for outputting a signal notifying the unlocking or closing of the electric lock and the opening or closing of the door, a second sensor, and a locking unit;
The second sensor is
Means for detecting the biometric information of the store-side worker who circulates and collects the store ATM, and transmits this to the lock unit as biometric information of the store-side worker;
Means for reading the unique code of the shop-side worker input by the input means and transmitting it to the locking unit;
With
The locking unit is
A sixth database storing the worker identification / biological information from the computer system of the management center;
A first timer on the store side that measures the fixed time P;
A second timer for measuring a prescribed time tm (tm <P);
In addition,
Means for transmitting the store code from the second sensor, the ATM number, and the store worker's unique code to the management center computer system as the unlock request information;
The worker identification / biological information stored in the sixth storage means, the biological information of the store side worker from the second sensor, the store code, the ATM number, and the unique code of the store side worker; Matching means for determining whether or not the shop side worker identification and biometric information are matched ,
Means for activating the first timer and the collating means when the in-time work determination permission signal is received from the computer system of the management center accompanying the transmission of the unlocking request information ;
If it is determined that the matching means match, means for outputting an unlocking permission signal to the electric lock;
With the output of the unlocking permission signal, the door is within the predetermined time Ti depending on whether or not a door opening signal is output from the door informing that the door has been opened within the predetermined time Ti of the first timer. A means to determine if it was opened,
When there is no door opening signal within the predetermined time Ti, an abnormality signal is transmitted to the computer system of the management center, the terminal device of the security company, the terminal device of the store,
If it is determined that the door has been opened within the predetermined time Ti, the means for starting the second timer;
Means for determining whether the second timer has measured the prescribed time tm;
When the door closing signal indicating that the door is closed is not transmitted within the specified time tm, an abnormal signal is transmitted to the store terminal, the management center computer system, the security company terminal device, and the store terminal device. Sekyuryuti management system characterized by having a <br/> and means. The work schedule is
Means for reading the store information from the fourth database and extracting all the worker security information having the workable date / time zone including the unlocking date / time zone of the store included in the store information;
For each of the extracted worker security information, a means for setting a collection date and time within a certain period within the worker's workable date and time of the worker security information;
The store code of the read store information, the ATM number and the unique code of the worker included in the extracted worker security information are added to the collection date and time, and this is added to the worker. Means for storing the work schedule in the fifth database;
The security management system according to claim 1, wherein the security management system is constructed by: The first sensor is
Means for photographing a vein on the back of the worker's hand of the security company, means for encoding the characteristic information of the vein, and means for transmitting this to the registration unit as the biological information,
The second sensor is
Means for photographing a vein on the back of the collection worker's hand that opens and closes the ATM door of the store, a means for encoding the characteristic information of the vein, and transmits this to the locking unit as biological information of the collection worker And means for
The security management system according to claim 1, wherein the security management system is a security management system. The second database of the management center computer system is:
Corresponding unlocking time and unlocking time of the electric lock to the store information, storing these as the store information,
When the unlocking request information is transmitted from the locking unit of the store to the computer system, the store code included in the unlocking request information, means for searching the store information having an ATM number,
Means for transmitting the unlocking time and the locking time of the retrieved store information to the locking unit of the store;
With
The store locking unit is:
The unlocking time and the unlocking time are received, the unlocking time is set as the fixed time Pi in the first timer, and the unlocking time is set as the specified time tm in the second timer Sekyuryuti management system according to any of claims 1 to 3, characterized in that the means for having <br/>. The store code and the ATM number of the store information are added to the unlocking time and the unlocking time of the retrieved store information, and the information is transmitted to the locking unit of the store. Item 5. The security management system according to item 4 . 6. The security management system according to claim 1, wherein the worker information includes photograph data of the worker. The security management system according to any one of claims 1 to 6, wherein the worker information includes gender, carefulness, weight, martial arts, and a mobile terminal address of the worker. Means for measuring a preset time associated with the unlocking, and for locking the electric lock when the measured time reaches the preset time;
The security management system according to claim 1, wherein: When transmitting the pre-Symbol abnormal signal, and means for deleting the operator identification and biometric information (BBi)
The security management system according to claim 1, comprising:

Images