JP5170982B2 - Entrance / exit information device - Google Patents

Description

  The present invention relates to an entry / exit information device, and in particular, entry / exit information for managing a user's occupancy status in an area based on entry / exit information acquired from an entry / exit management device that manages the user's entry / exit in a predetermined area. Relates to the device.

  In companies that frequently handle confidential information or specific departments within the company, leakage of confidential information can be prevented in advance by applying an entry / exit management system that manages entry / exit of workers who handle confidential information. I am doing so.

  Generally, an entrance / exit management system uses information that uniquely identifies a user, such as a user ID (IDentification) incorporated in an IC (Integrated Circuit) card given to the user, or biometric information (fingerprint, iris, voiceprint, etc.). Advanced authentication that handles confidential information by unlocking the locked door for entry / exit when personal authentication is performed by the host computer for entrance / exit management and it is authenticated that the user is a registered valid user. Management such as permitting entry into the security level area.

  By the way, the above-described confidential information is managed by a confidential information management system constructed on a network different from the entrance / exit management system, and from an information terminal device installed in an area where entrance / exit management is performed. It can be used according to access to the host computer for confidential information management. When accessing the host computer for managing confidential information, an authentication process similar to the personal authentication in the above-described entry / exit management system is required.

  Therefore, cooperation between such an entrance / exit management system and a confidential information management system is required, and authentication processing at the time of entering / exiting an area where confidential information is handled and at the start of use of the information terminal device after entering the room A method for associating with the authentication process of the above has been devised (see, for example, Patent Document 1 and Patent Document 2).

In recent years, interest in security has been increasing more and more, as represented by the legal system of the Personal Information Protection Law. In response to such a background, the entrance / exit management system is starting to cooperate with the above-described confidential information management system and the like, and its scale is becoming larger.
JP 2000-259878 A JP 2002-41469 A

  By the way, when such an entrance / exit management system and the confidential information management system are linked by a host system, the user's occupancy status managed by the entrance / exit management system is a network authentication by the confidential information management system. But it will be important. In other words, the host system that links these systems needs to know the current occupancy status of the user managed by the entrance / exit management system, that is, the current occupancy status, There is a problem that a system that fully considers such points has not been constructed.

  The present invention has been made in view of such circumstances, and the purpose of the present invention is based on the entrance / exit information acquired from the entrance / exit management device that manages the entrance / exit of the user in the predetermined area. In the entrance / exit information management device that manages the room state, even if a situation occurs in which it is impossible to match the occupancy state with the entrance / exit management device in real time due to a communication error or the like, the entrance / exit management device It is possible to achieve consistency in the state of occupancy information with the self.

  In order to solve such a problem, the first invention provides an area management device that manages user entry / exit in a predetermined area according to an authentication processing result based on authentication target information that uniquely identifies the user. The information regarding the user's room entry / exit is acquired as room entry / exit information, and an entry / exit information device for managing the user's occupancy status in the area is provided based on the acquired room entry / exit information. This room entry / exit information device includes an occupancy state storage unit, a survival confirmation unit, a communication control unit, and a state matching unit. Here, the occupancy state storage unit stores the occupancy state of the user in the area according to the entry / exit information acquired from the entry / exit management device. The survival confirmation unit detects that communication with the entry / exit management device is impossible. The communication control unit establishes a communication connection with the entrance / exit management device. After the state matching unit is detected by the survival confirmation unit to be unable to communicate with the entry / exit management device, the communication control unit establishes a communicable connection with the entry / exit management device, The room entry / exit management device is requested for entry / exit information that dates back to the period during which communication with the room entry / exit management device was impossible.

  Moreover, the entrance / exit information apparatus of 1st invention may further have the acquisition log memory | storage part which memorize | stores the time which acquired entrance / exit information from the entrance / exit management apparatus as acquisition time. In this case, the state matching unit specifies the acquisition time of the most recently acquired entry / exit information by searching the acquisition log storage unit, sets the specified acquisition time as the state adjustment time, and this set It is desirable to request entry / exit information corresponding to the state adjustment time or later from the entry / exit management device.

  In the first invention, the state adjustment unit compares the upper limit time traced back to a preset reference period with the state adjustment time, and the state adjustment time exists earlier in time than the upper limit time. In that case, entry / exit information corresponding to the time after the upper limit time may be requested from the entry / exit management device.

  In the first invention, the communication control unit disconnects the communication connection established with the entry / exit management device when the existence confirmation unit detects that communication with the entry / exit management device is impossible. After that, it is preferable to request the entrance / exit management device to establish a new communication connection.

  Furthermore, in the first invention, the entrance / exit management device may be composed of a plurality of entrance / exit management devices that manage user entrance / exit in different areas. In this case, when it is detected by the existence confirmation unit that communication with at least one entry / exit management device among the plurality of entry / exit management devices is impossible, the communication control unit communicates with the plurality of entry / exit management devices. After disconnecting the communication connection established in the meantime, a request for establishment of a new communication connection is made to each of the plurality of entrance / exit management. When the communication control unit establishes a communicable connection with each of the plurality of entrance / exit management devices, the state matching unit and at least one entrance / exit management device among the plurality of entrance / exit management devices It is desirable to request each of a plurality of entrance / exit management devices for entry / exit information that dates back to the period during which communication was impossible.

  According to the present invention, the entrance / exit information managed by the entrance / exit management device while communication is impossible can be acquired on the entrance / exit information device side. Therefore, it becomes possible to match the current occupancy state of the user in the area with the occupancy state managed on the entrance / exit information device side.

  Furthermore, according to the present invention, even when a plurality of entrance / exit management devices are managed by the entrance / exit information device, it is possible to suppress the occurrence of a situation where the entrance / exit information is acquired insufficiently. Thus, it becomes possible to match the current occupancy state of the user in each area with the occupancy state managed on the entrance / exit information device side.

  FIG. 1 is a block diagram showing a configuration of a network management system according to the first embodiment of the present invention. The network management system 1 is configured by connecting an equipment system 10 and a network authentication system 20 to each other by a cooperation control device 30.

  The facility system 10 is an entry / exit management device that manages entry / exit from a low security level area (low security level area) to a high security level area (high security level area) that handles confidential information.

  The network authentication system 20 is a network constructed in a high security level area managed by the facility system 10. In the network authentication system 20, for example, confidential information is managed, and only an authenticated user is permitted to log on from the information terminal device connected to the network and is allowed to access the confidential information.

  The facility system 10 may be of any form as long as it manages the entry and exit from the low security level area to the high security level area. For example, as shown in FIG. It is possible to apply an equipment system that separates the high security level area and the low security level area with a door or the like and allows movement to each area in accordance with the authentication process.

  The facility system 10 performs authentication processing for all users who wish to enter the advanced security level area, authenticates only legitimate users registered in advance, and permits entry into the advanced security level area. Further, the facility system 10 performs an authentication process on a user who wishes to leave the high security level area, and permits the user to leave the high security level area. The low security level area and the high security level area are separated from each other by a door provided with an electric lock that can be locked and unlocked by an electric action.

  Specifically, the facility system 10 is stored in a semiconductor memory of a non-contact IC card (Integrated Circuit) 2 owned by the user by an entry card reader 11 provided outside the high security level area. Read information. By unlocking the electric lock locked under the control of the entrance / exit control unit 13 when it is authenticated as a legitimate user based on the card ID which is the authenticated information in the read information, Entering the security level area is allowed.

  In addition, the facility system 10 reads the above-described information of the IC card 2 by the leaving card reader 12 provided in the high security level area when leaving the high security level area. By unlocking the electric lock locked under the control of the entrance / exit control unit 13 when it is authenticated as a legitimate user based on the card ID which is the authenticated information in the read information, Exit from the security level area is allowed.

  When the facility system 10 unlocks the locked electric lock by such authentication processing, the card that uniquely identifies the IC card 2 among the information stored in the IC card 2 owned by the user. ID, door ID unique to the unlocked door, information indicating whether the room is entered or exited, and entrance / exit time indicating the time when the entrance / exit operation was performed (that is, the time when the electric lock was unlocked) It transmits to the cooperation control apparatus 30 mentioned later from the entrance / exit control unit 13 as entrance / exit information. In addition, an entrance / exit log storage unit (not shown) included in the entrance / exit control unit 13 stores the entrance / exit information sequentially every time the user performs an entrance / exit operation. The information indicating whether to enter or leave the room may be indicated by, for example, a device ID that uniquely identifies the entry card reader 11 or the exit card reader 12.

  The network authentication system 20 is constructed in the high security level area, and permits the connection from the terminal device 21n (n is a natural number) to the network according to the authentication processing by the authentication device 22 and the authentication server 23. In the following description, not only individual terminal devices 21n but also a plurality of terminal devices 21n are collectively referred to as terminal devices 21n.

  Specifically, the network authentication system 20 uses a technology for authenticating a user connected to a LAN (Local Area Network) switch or a wireless LAN access point established by IEEE (American Institute of Electrical and Electronics Engineers) 802.1X. Thus, an authentication process is performed in response to a network connection request that is an access request from the terminal device 21n. IEEE 802.1X is a protocol on Ethernet (registered trademark) that controls whether or not a LAN can be used. In addition, a RADIUS server that can centrally manage users to be authenticated by communication using RADIUS (Remote Authentication Dial-In-User-Service) as an authentication protocol is used for user authentication.

  The terminal device 21n is a so-called PC (Personal Computer) that can be used by a user who has entered the high security level area. The terminal device 21n exchanges information with the authentication device 22 and the authentication server 23 and requests connection to the network. It holds authentication client software called a supplicant.

  The authentication device 22 is connected to a plurality of terminal devices 21n by wire or wireless, and functions as a relay device that relays authentication processing between the authentication server 23 and the terminal device 21n. The authentication device 22 functions as a RADIUS client for the RADIUS server, and performs communication using RADIUS as an authentication protocol for communication with the RADIUS server. The authentication device 22 is a LAN switch, a wireless LAN access point, or the like that supports IEEE 802.1X and RADIUS, such as the authentication devices 22a and 22b, and links the terminal device 21n to the network for each port in cooperation with the authentication server 23. Connecting.

  The authentication server 23 is a RADIUS server in the RADIUS authentication. The authentication server 23 includes a user information storage unit (not shown) that holds information about a user who requests connection to the network via the terminal device 21n, and includes the authentication device 22 that is a RADIUS client. The terminal device 21n is authenticated through the network, and the network connection is notified according to the authentication result. A user information storage unit (not shown) provided in the authentication server 23 holds an account ID, which is information to be authenticated for uniquely identifying a user in the network, and a password corresponding to the account ID.

  The actual authentication procedure by the network authentication system 20 is defined by EAP (Extensible Authentication Protocol). In the network authentication system 20, a user ID (account ID) and a password are input to various EAP that can be used in IEEE802.1X, for example, EAP-MD5 (EAP-Message Digest alogorithm5) and PEAP (Protected-EAP). EAP that is required to be performed, EAP-TLS (EAP-Transport Layer Security) that authenticates using a digital electronic certificate, or the like can be used.

  FIG. 2 is a block diagram illustrating a system configuration of the cooperation control device 30. The cooperation control device 30 includes an external system I / F (interface) 31, an information conversion unit 32, an internal database 33, a network I / F (interface) 34, a RADIUS authentication unit 35, an authentication processing unit 36, The authentication state control part 37, the information management part 38, the authentication log memory | storage part 39, the acquisition log memory | storage part 40, the survival confirmation part 41, the state adjustment part 43, and the communication control part 42 are provided.

  The cooperation control device 30 is provided so as to pass through an authentication packet exchanged during authentication processing between the authentication device 22 of the network authentication system 20 and the authentication server 23, and the facility system 10 and the network authentication system 20. And linked control.

  The linkage control device 30 uses the information transmitted from the facility system 10 to change the user's access state (in-room state) in the facility system 10 such as moving from the low security level region to the high security level region. Whether the network authentication request, which is an authentication packet transmitted as an access request from the terminal device 21n to the authentication server 23 via the authentication device 22, is passed according to the change in the user's access state, Or it can be judged whether it refuses in advance of the authentication in the authentication server 23 without letting it pass.

  In addition, the cooperation control device 30 moves from the high security level area to the low security level area using information transmitted from the facility system 10 in a state where the user has already been authenticated for connection to the network. Ascertaining changes in the user's access status in the facility system 10 such as, forcing a re-authentication request according to the change in the user's access status, and rejecting authentication or connecting the connected network according to the authentication result It can be controlled to cut.

  The external system I / F 31 is a communication interface for connecting the facility system 10 and the cooperation control device 30. Communication between the facility system 10 and the cooperation control apparatus 30 via the external system I / F 31 can use a communication standard such as Ethernet (registered trademark), for example. Communication between the facility system 10 and the cooperation control device 30 via the external system I / F 31 is not limited to TCP / IP-based communication, and a non-IP field bus or the like can also be used.

  The information conversion unit 32 converts the information input to the cooperation control device 30 via the external system I / F 31 into a predetermined data format and stores it in the internal database 33.

  The internal database 33 is a database that stores various types of information used in the cooperation control device 30, and includes a user information storage unit 33A that stores static information defined for each user, and a dynamic that indicates the current state of the user. An authentication state storage unit 33B for storing various information, and a system information storage unit 33C for storing static information defined in relation to the facility system 10 and the network authentication system 20.

  The user information storage unit 33A, for each account ID, which is information to be authenticated for uniquely identifying the user in the network, the card ID of the IC card 2 held by the user registered in advance, and the user authenticating the network When this is done, the stayable time information indicating the time during which the authentication can be maintained is stored in association with each other. The information stored in the user information storage unit 33A is static information, and once set, it is held without being changed until a new user registration or system change occurs. The information update process of the user information storage unit 33A is executed by the information management unit 38 to be described later.

  FIG. 3 is an explanatory diagram showing an example of information stored and held in the user information storage unit 33A and its contents. The card ID is the card ID of the IC card 2 that is used when the facility system 10 enters and exits. When the information conversion unit 32 is notified of the card ID from the facility system 10, the information conversion unit 32 refers to the user information storage unit 33A to acquire the account ID, and updates the authentication status storage unit 33B based on the account ID. Execute. In addition, since one user may have a plurality of IC cards 2, a plurality of card IDs may be registered for one account ID.

  The stayable time information is information indicating a time given to the user specified by the account ID and permitted to maintain the network authentication. This stayable time information is compared with the time information indicating how long the user has used the network at the time of re-authentication of the network, and if the network usage time exceeds the stayable time, The re-authentication request is invalidated. The time information indicating how much network the user has used up to now is obtained by the authentication processing unit 36 from the authentication time information, which will be described later, indicating the time when the network authentication is permitted, which is stored in the authentication state storage unit 33B.

  The authentication status storage unit 33B includes, for each account ID, which is information to be authenticated for uniquely identifying the user in the network, staying area number information, entry time information, authentication time information, authentication device ID, and authentication Device port number information is stored in association with each other. The information stored in the authentication status storage unit 33B is dynamic information, depending on the user access status managed by the facility system 10, the network authentication status of the user managed by the network authentication system 20, and the like. It is updated by the information conversion unit 32 and the authentication processing unit 36 as needed.

  FIG. 4 is an explanatory diagram showing an example of information stored in the authentication status storage unit 33B and its contents. The staying area number information is number information for specifying the security level area where the user is currently staying, for example, the high security level area and the low security level area. Each security level area of the facility system 10 is assigned an identification number that uniquely identifies each security level area. The information conversion unit 32 determines which security level region the user is currently in from the information notified when the facility system 10 changes the state, that is, when the user moves between security level regions with an entry / exit operation. And the area number information indicating the security level area is stored as the staying area number information in the authentication state storage unit 33B. In other words, the user's occupancy state in the security level area can be grasped by referring to the stay area number information.

  For example, in the facility system 10, the entrance / exit door ID or exit door ID is transmitted from the entrance / exit control unit 13 when the state changes. The information conversion unit 32 uses the entrance door ID or exit door ID to specify the security level region stored in the system information storage unit 33C described later in association with the entrance door ID and exit door ID. And the area number information is written in the authentication state storage unit 33B as the staying area number information. The staying area number information stored in the user state storage unit 33B means that the user is in the room with respect to the advanced security level area corresponding to the staying area number information by storing this.

  The entry time information indicates the time when the stay in the security level area indicated as the stay area number information is started. For example, in the facility system 10, entry / exit information including an entry / exit time is transmitted from the entry / exit control unit 13 when there is a state change. The information conversion unit 32 writes this entry / exit time as entry time information in the authentication state storage unit 33B.

  The authentication time information indicates the time when the network authentication of the user is permitted. At the time of network re-authentication, the authentication processing unit 36 obtains the user's network usage time from the authentication time information, and is specified for each network usage time and the stayable time information or security level area defined for each user. Used for comparison with available time information.

  The authentication device ID indicates the IP address of the authentication device 22 to which the user who transmitted the network authentication request is connected via the terminal device 21n. This authentication device ID is used at the time of forced disconnection processing by SNMP.

  The authentication device port number information indicates the port number of the authentication device 22 to which the user who transmitted the network authentication request is connected via the terminal device 21n. This authentication device port number information is used during forced disconnection processing by SNMP.

  The system information storage unit 33C includes, for each area number information that is an identification number for uniquely identifying each security level area of the facility system 10, an entrance door ID, an exit door ID, available time information, The stayable time information and the authentication device ID are stored in association with each other. The information stored in the system information storage unit 33C is static information, and once set, it is held without being changed until there is a system change or the like. The information update process of the system information storage unit 33C is executed by the information management unit 38 described later.

  FIG. 5 is an explanatory diagram showing an example of information stored and held in the system information storage unit 33C and its contents. The entrance door ID and the exit door ID are prepared to correspond to the facility system 10 in which the security level region is separated by the door as in the facility system 10.

  The entrance door ID is an ID of an entrance door provided in the equipment system 10 and uses the ID of the entrance card reader 11 of the equipment system 10 corresponding one-to-one with the entrance door. The exit door ID is an ID of an exit door provided in the equipment system 10 and uses the ID of the exit card reader 12 of the equipment system 10 corresponding to the exit door on a one-to-one basis. A plurality of entrance door IDs and exit door IDs can be set according to the number of doors provided in the security level area.

  The available time information is information indicating a time zone in which use of the network is permitted in this security level area. Specifically, the available time information is time information obtained by pairing start time information permitted to use the network and end time information. This available time information is used at the time of network authentication and re-authentication.

  The stayable time information is information indicating a time during which network authentication is permitted in this security level area. The stayable time information is compared with the time information indicating how long the user has used the network at the time of re-authentication of the network, and if the network usage time exceeds the stayable time, The authentication request is invalidated. At this time, the shorter one of the stayable time information stored in the system information storage unit 33C and the stayable time information stored in the user information storage unit 33A is preferentially used. become.

  The authentication device ID indicates the IP address of the authentication device 22 installed in this security level area. A plurality of authentication device IDs can be set according to the number of authentication devices 22 set in the security level area.

  Referring back to FIG. 2, the network I / F 34 is a communication interface for performing communication between the cooperation control device 30, the authentication device 22, and the authentication server 23. The network I / F 34 corresponds to Ethernet (registered trademark) or a TCP / IP stack.

  The RADIUS authentication unit 35 includes an authentication request relay unit 35A, a request relay determination unit 35B, and a device setting storage unit 35C, and executes processing related to RADIUS authentication.

  The authentication request relay unit 35A relays a RADIUS packet transmitted / received between the authentication device 22 and the authentication server 23 in the RADIUS authentication. At this time, the authentication request relay unit 35A acquires information necessary for the authentication processing in the authentication processing unit 36, such as an account ID included in the RADIUS packet of the network authentication request. It also has a function of recalculating the authentication code defined in the RADIUS standard.

  The request relay determination unit 35B makes a final determination on whether to transmit a network authentication request to the authentication server 23 or to reject the network authentication request based on the authentication determination made by the authentication processing unit 36. The request relay determination unit 35 </ b> B generates a rejection response packet and transmits it to the authentication device 22 when a rejection response is made.

  The device setting storage unit 35C manages all the secret shared keys held by the authentication device 22 and the authentication server 23, which are necessary for confirming the validity of the RADIUS communication, in association with the IP address of the communication partner. .

  The authentication processing unit 36 performs an authentication process using the account ID included in the RADIUS packet of the network authentication request transmitted from the authentication device 22 and the information stored in the user information storage unit 33A of the internal database 33. It is determined whether a network authentication request is transmitted to the authentication server 23.

  When the authentication device 22 supports authentication state control from the outside, the authentication state control unit 37 immediately transmits a request for resetting the authentication state in response to a change in the user's action state.

  The authentication state control unit 37 is a functional unit that operates when the authentication device 22 holds a management information database called MIB (Management Information Base). Specifically, by exchanging the MIB, which is the management information, in SNMP (Simple Network Management Protocol), which is a management protocol in a TCP / IP network environment standardized by IETF (Internet Engineering Task Force), The authentication state control unit 37 can manage the authentication device 22. That is, when an SNMP agent is given to the authentication device 22, the authentication state control unit 37 functions as an SNMP manager. For example, a MIB defined by IEEE 802.1x can be used.

  The information management unit 38 stores static information stored in the user information storage unit 33A and the system information storage unit 33C, setting information stored in the device setting storage unit 35C, and the like with an HTTP (S) server, Telnet, etc. Can be managed from the outside using.

  The authentication log storage unit 39 stores an authentication processing result by the authentication processing unit 36 and a log of device operation status. The authentication log storage unit 39 has a Syslog output function.

  The acquisition log storage unit 40 stores a log of acquisition of entrance / exit information transmitted from the facility system 10. By referring to the acquisition log storage unit 40, it is possible to grasp the time when the most recent entry / exit information was acquired. The acquisition log storage unit 40 does not need to store a series of times when the entry / exit information is acquired, and the previously stored time is updated by the time when the entry / exit information was most recently acquired. It may be in such a form.

  The survival confirmation unit 41 detects the communication abnormality with respect to the facility system 10, that is, the communication with the facility system 10 is impossible by performing the survival confirmation with a predetermined cycle. As a technique of the survival confirmation by the survival confirmation part 41, the method of judging based on the survival confirmation signal periodically transmitted from the installation system 10 is mentioned, for example. Specifically, the survival confirmation unit 41 determines whether or not a survival confirmation signal is transmitted within a predetermined waiting time from the facility system 10 that is the survival confirmation destination. The survival confirmation unit 41 detects that communication with the facility system 10 is possible when a survival confirmation signal is acquired within a predetermined waiting time. On the other hand, when the survival confirmation signal is not acquired within the predetermined waiting time, it is detected that communication with the facility system 10 is impossible.

  As a survival confirmation method, a survival confirmation signal is transmitted from the survival confirmation unit 41 to the equipment system 10 and a survival confirmation response in response thereto is transmitted from the equipment system 10 during a predetermined waiting time. When acquisition is not possible, it may be detected that communication with the facility system 10 is impossible.

  The communication control unit 42 has a function of controlling the state of communication connection with the facility system 10. The communication control unit 42 can establish a communication connection with the facility system 10 or disconnect the communication connection. The communication connection established / disconnected by the communication control unit 42 is a logical connection. In addition, the communication control unit 42 may allow communication from the equipment system 10 to the cooperative control device 30 by establishing a communication connection with the equipment system 10 and releasing the connection. it can.

  The state matching unit 43 manages the entrance / exit information managed in the facility system 10, that is, the user's occupancy state in the current security level area, and the entrance / exit information managed on the cooperation control device 30 side (specifically, The entrance / exit information is subjected to the state matching process so that the state corresponds to the staying area number information included in the authentication state storage unit 33B of the internal database 33). Specifically, the state matching unit 43 can communicate with the facility system 10 by the communication control unit 42 after the existence check unit 41 detects that communication with the facility system 10 is impossible. When the connection is established, the facility system 10 is requested to enter / exit information that dates back to the period during which communication with the facility system 10 was impossible.

  As will be described later, in the network management system 1, the occupancy state of the user managed by the cooperation control device 30 is important for network authentication. That is, the user's occupancy status managed by the cooperation control device 30 needs to be matched with the user's actual occupancy status in the security level area managed in the facility system 10. Therefore, the procedure of the state matching process by the cooperation control device 30 will be described below.

  FIG. 6 is a timing chart showing the operation of the state matching process executed by the cooperation control device 30 according to the first embodiment. First, it is assumed that the user enters the room from the door managed by the facility system 10 from the low security level area to the high security level area where the network is constructed (entrance / exit operation a). Specifically, the user puts the IC card 2 in the room card reader 11. In response to this, the entrance / exit control unit 13 reads the information stored in the semiconductor memory of the IC card 2, authenticates the card ID, and unlocks the locked electric lock.

  The entry / exit control unit 13 includes a card ID read from the IC card 2, an entry door ID that uniquely identifies the door that unlocked the electric lock, information indicating entry, and an operation time that is the current time. Are associated with each other, and the associated information is stored as entry / exit information in an entry / exit log recording unit (not shown). Further, the entrance / exit control unit 13 uniquely identifies the card ID read from the IC card 2 and the door that unlocks the electric lock, on the assumption that the communication connection with the cooperative control device 30 is established / released. The entry door ID specified in the above, information indicating that the room is entered, and the operation time are transmitted as entry / exit information to the cooperation control device 30.

  On the premise of such a series of operations, in step 1 (S1), when the cooperation control apparatus 30 acquires the entry / exit information a from the facility system 10 via the external system I / F 31, this is used in the authentication process. It converts so that it can do, it memorize | stores in the authentication status memory | storage part 33B of the internal database 33, and memorize | stores the user's present occupancy state in the security level area | region of the equipment system 10.

  Specifically, the information conversion unit 32 refers to the user information storage unit 33A using the card ID of the IC card 2 transmitted from the entrance / exit control unit 13, and is stored in association with this card ID. Get an account ID. In addition, the information conversion unit 32 refers to the system information storage unit 33C using the entrance door ID transmitted from the entrance / exit control unit 13, and determines the advanced security level area stored in association with the entrance door ID. Get area number information to be identified.

  Then, the information conversion unit 32 uses the area number information acquired from the system information storage unit 33C as the staying area number information indicating that the user is currently staying in the high security level area from the user information storage unit 33A. In association with the acquired account ID, it is stored in the authentication status storage unit 33B. Further, the information conversion unit 32 stores the operation time transmitted from the entry / exit control unit 13 in the authentication state storage unit 33B as the entry time information when the user starts staying (staying) in the high security level area. .

  Further, the cooperation control device 30 stores the current time when the entry / exit information a is acquired in the acquisition log storage unit 40.

  In addition, although it demonstrated taking the case of entering into an example, even if a user leaves a high security level area | region, operation | movement of the equipment system 10 and the cooperation control apparatus 30 is the same.

  In step 2 (S2), the survival confirmation unit 41 of the cooperation control device 30 acquires a survival confirmation transmitted from the facility system 10 according to a predetermined execution cycle. The survival confirmation unit 41 refers to the elapsed time counted from the time when the previous survival confirmation is acquired, and determines whether or not the survival confirmation is acquired during a predetermined waiting time. This waiting time is set to a value larger than the execution period of the survival confirmation transmitted from the facility system 10.

  If it is determined that the survival confirmation acquired from the equipment system 10 is acquired during the waiting time, the survival confirmation unit 41 detects that communication with the equipment system 10 is possible. When the existence check unit 41 detects that communication is possible, the cooperation control device 30 stands by in order to acquire new entry / exit information from the facility system 10.

  On the other hand, in step 3 (S3), the survival confirmation unit 41 refers to the elapsed time counted from the time when the previous survival confirmation was acquired, and when this elapsed time reaches a predetermined waiting time, the facility system Detect that communication with the system is not possible. Cases in which communication with the facility system 10 is impossible include, for example, that the facility system 10 is not operating normally due to a failure of the facility system 10, or that the facility system 10 is linked due to cable damage or poor connection. It is conceivable that the connection with the control device 30 is physically disconnected.

  When it is detected by the existence confirmation unit 41 that communication is impossible, in step 4 (S4), the communication control unit 42 disconnects the currently established communication connection with the facility system 10. The establishment system 10 is requested to establish a new communication connection. In the case where the connection between the facility system 10 and the linkage control device 30 is physically disconnected, even if the communication control unit 42 requests the facility system 10 to establish a new connection, Since the system system 10 does not respond to this, the communication connection between the equipment system 10 and the cooperation control apparatus 30 is not established. If the equipment system 10 does not respond to the connection establishment request despite the connection establishment request, the communication control unit 42 again establishes the communication connection at a predetermined execution cycle, that is, after a predetermined time has elapsed. Request.

  Even in a period in which communication between the facility system 10 and the cooperation control device 30 is not possible, the facility system 10 manages user entry / exit in the security level area. For example, it is assumed that the user enters the room from the low security level area to the high security level area where the network is constructed through the door managed by the entry / exit control unit 13 (entrance / exit operations b and c). In this case, as in step 1, the card ID read from the IC card 2, the door ID that uniquely identifies the door that unlocked the electric lock, the information indicating that the door is being entered, and the operation that is the current time After associating the time with each other, the associated information is stored in an entrance / exit log recording unit (not shown) as entrance / exit information. In addition, since the communication connection between the facility system 10 and the cooperation control apparatus 30 is not established, the entrance / exit information to the cooperation control apparatus 30 by the equipment system 10 is not transmitted.

  In step 5 (S5), the communication control unit 42 requests connection establishment in response to the arrival of a predetermined execution cycle. When the physical disconnection state between the equipment system 10 and the linkage control device 30 is restored at a certain timing, such as cable replacement / reconnection, the equipment system 10 responds to this, The communication control unit 42 establishes a new communication connection with the facility system 10. Then, the communication control unit 42 determines that a communicable connection with the facility system 10 has been established, and then opens the communication connection. The communication control unit 42 determines that there is an abnormality in the equipment system 10 itself when the number of communication connection establishment requests made to the equipment system 10 reaches the number of determinations. Also good.

  In step 6 (S6), the state adjustment unit 43 requests the equipment system 10 to adjust the state. As a premise of this request, the state matching unit 43 searches the acquisition log storage unit 40 and specifies the latest acquisition time when the entrance / exit information is acquired from the facility system 10. When the state acquisition unit 43 sets the specified acquisition time as the state adjustment time, the state adjustment unit 43 requests the facility system 10 for entry / exit information corresponding to the state adjustment time and thereafter. Specifically, the state adjustment unit 43 transmits the state adjustment time to the facility system 10 together with the transmission request for the entry / exit information.

  In the facility system 10, the entrance / exit control unit 13 acquires the entry / exit information transmission request and the state adjustment time from the cooperation control device 30, and refers to the entry / exit log storage unit using the state adjustment time as a key. The entry / exit information b, c stored according to the entry / exit operations b, c later in time than the state adjustment time is searched. When the entrance / exit control unit 13 reads the entrance / exit information b and c from the entrance / exit log storage unit, the entrance / exit control unit 13 outputs the entrance / exit information to the linkage controller 30.

  In step 7 (S7), the cooperation control apparatus 30 acquires the entrance / exit information b from the equipment system 10 via the external system I / F 31 and converts it into the authentication process so that it can be used. It memorize | stores in the authentication status memory | storage part 33B, and memorize | stores the user's present occupancy state in the security level area | region of the equipment system 10. FIG. In step 8 (S8), when the cooperation control device 30 acquires the entry / exit information c from the equipment system 10 via the external system I / F 31, it converts the information to be used in the authentication process, and converts it into the internal database. The authentication status storage unit 33 </ b> B stores the current occupancy status of the user in the security level area of the equipment system 10.

  The cooperation control apparatus 30 matches the user's occupancy state in the security level area managed by the cooperation control apparatus 30 with the user's occupancy state in the actual security level area by such state matching processing. As a premise, cooperation between the equipment system 10 and the network authentication system 20 is performed by the following operation.

  FIG. 7 is a timing chart showing the basic processing operation of the network management system 1 using the cooperation control device 30. A user who has entered the high security level area attempts to connect to the network by transmitting a network authentication request as an access request from the terminal device 21n via the authentication device 22 according to the IEEE 802.1X procedure. In the initial state, since the line between the terminal device 21n and the network is disconnected by the authentication device 22, the terminal device 21n can only communicate with the authentication device 22.

  First, in step 10 (S10), in order to connect to the network, the user inputs an account ID and password from the terminal device 21n, and transmits a network authentication request, which is an authentication packet, to the authentication device 22. The terminal device 21n transmits a network authentication request to the authentication device 22 as a MAC (Media Access Control) frame containing an EAP message. At this time, the account ID is transmitted in plain text, and the password is transmitted in a hashed state.

  The authentication device 22 extracts the EAP message from the MAC frame, transfers it to the IP packet, and transmits it to the cooperation control device 30. Specifically, the authentication device 22 stores the EAP message extracted from the authentication device 22 in the data portion of the RADIUS packet and transmits it to the cooperation control device 30 using UDP in the upper layer of IP.

  In the authentication sequence in the RADIUS authentication process between the authentication device 22 and the authentication server 23, only the EAP message of the first RADIUS packet transmitted as a network authentication request from the authentication device 22 is EAP-Type = Identity data that is a plaintext account ID. Exists. In the RADIUS packet, in addition to this account ID, the IP address of the authentication device 22 as information of the authentication device 22, the port number of the authentication device 22 connected to the terminal device 21n, and the like are described as RADIUS attribute information.

  In step 11 (S11), the authentication request relay unit 35A of the RADIUS authentication unit 35 acquires the identity data attached to the EAP message of the RADIUS packet of the network authentication request received via the network I / F 34, and the authentication processing unit 36. Further, the authentication request relay unit 35A acquires the IP address of the authentication device 22 from the received RADIUS packet of the network authentication request and outputs it to the authentication processing unit 36.

  In step 12 (S12), the authentication processing unit 36 uses the account ID of the acquired Identity data as a key to display the current access state in the high security level area of the user stored in the authentication state storage unit 33B of the internal database 33. The area number information during stay, which is information to be displayed, and the entry time information are requested. Further, the authentication processing unit 36 uses the acquired IP address of the authentication device 22 as a key to specify a high security level region where the authentication device 22 is installed, which is stored in the system information storage unit 33C of the internal database 33. Request number information and available time information. This area number information indicates the high security level area in which the authentication device 22 that has transmitted the network authentication request is installed.

  In step 13 (S13), the authentication processing unit 36 stores the stay area number information, the entry time information, and the system information storage, which are information indicating the current access state in the high security level area of the user acquired from the authentication state storage unit 33B. Whether the network authentication request transmitted from the authentication device 22 can be transferred to the authentication server 23 is determined based on the area number information and the available time information acquired from the unit 33C.

  In addition, if the information acquired from the authentication status storage unit 33B indicates that the corresponding user exists in the high security level area and has already been authenticated on the network, a network authentication request is made. Since it is known that the user is an unauthorized user, the authentication state of the authentication state storage unit 33B may be rewritten from being authenticated to being disconnected.

  In step 14 (S14), the authentication processing unit 36 acquires from the staying area number information and the system information storage unit 33C, which is information indicating the current access state in the high security level area of the user acquired from the user information storage unit 33A. Compared with the area number information thus obtained, it can be confirmed that the user exists at the high security level and the network authentication request is cut off from the high security level area. Further, the available time information acquired from the system information storage unit 33C The authentication judgment is made to the request relay judgment section 35B of the RADIUS authentication section 35 in accordance with the fact that it is confirmed that the time is permitted to use the network in this advanced security level area by comparing with the current time. Notice.

  In step 15 (S15), the request relay determination unit 35B makes a final determination to transmit a network authentication request to the authentication server 23 in response to the authentication determination from the authentication processing unit 36, via the network I / F 34. Then, a network authentication request is transmitted to the authentication server 23.

  In step 16 (S16), the authentication processing unit 36 acquires from the staying area number information and the system information storage unit 33C, which is information indicating the current access state in the high security level area of the user acquired from the authentication state storage unit 33B. In response to the fact that the user does not exist in the advanced security level area and the network authentication request is not transmitted from the advanced security level area where the user exists, Alternatively, the available time information acquired from the system information storage unit 33C is compared with the current time, and it has been confirmed that the time is not permitted to use the network in the advanced security level area. In response, the rejection determination is notified to the request relay determination unit 35B of the RADIUS authentication unit 35. That.

  In step 17 (S17), the request relay determination unit 35B rejects transmission of the network authentication request to the authentication server 23 in response to the rejection determination from the authentication processing unit 36, generates a rejection response packet, and generates the network I The data is transmitted to the authentication device 22 via / F34. Based on the transmitted rejection response packet, the authentication device 22 notifies the terminal device 21n of a rejection response indicating that the network authentication request has been rejected.

  In step 18 (S18), in response to the transmission of the network authentication request to the authentication server 23, the response packet transmitted from the authentication server 23 to which the EAP message is attached and the request packet transmitted from the terminal device 21n are exchanged. Thus, the authentication process on the user's network is executed.

  Specifically, the authentication server 23 performs collation processing with information stored in a user information storage unit (not shown) using the account ID attached to the network authentication request as a key. The authentication server 23 hashes the password of the target user associated with the transmitted account ID and stored in the user information storage unit with a predetermined hash function, and is hashed attached to the network authentication request. Compare with the password and check if the hashed passwords match.

  At this time, the authentication request relay unit 35A of the cooperation control device 30 passes through the request packet and the response packet between the terminal device 21n and the authentication server 23 without performing anything. The authentication device 22 functions as a relay device that performs only EAP message transfer as described above.

  In step 19 (S19), the authentication server 23 sends either an authentication permission notification indicating that the authentication server 23 has been authenticated or an authentication disapproval notification indicating that the authentication has not been performed, to the RADIUS of the cooperation control device 30. The data is transmitted to the authentication device 22 via the authentication unit 35.

  When receiving the authentication permission notification from the authentication server 23, the authentication device 22 opens the line between the terminal device 21n and the network. Accordingly, the user can access the network via the terminal device 21n, and can communicate with other terminal devices on the network.

  When the authentication device 22 receives an authentication non-permission notification from the authentication server 23, the authentication device 22 transmits a message notifying that authentication is not permitted to the terminal device 21n without releasing the line between the terminal device 21n and the network. To do.

  In step 20 (S20), when an authentication permission notification is received from the authentication server 23, the authentication request relay unit 35A of the RADIUS authentication unit 35 stores the network authentication result in the authentication state storage unit 33B of the internal database 33. The information stored in the authentication status storage unit 33B includes, for example, an account ID, a device ID that uniquely identifies the authentication device 22 to which the terminal device 21n is connected, a port number that is open to the network, and authentication. For example, the permitted authentication time.

  In this way, in the network management system 1 in which the facility system 10 and the network authentication system 20 are mutually connected and linked by the linkage control device 30, in the high security level area of the user in the detected facility system 10. Based on the current entry / exit state, the cooperation control device 30 determines in the previous stage of notifying the authentication server 23 of the validity of the network authentication request made from the terminal device 21n.

  As a result, the facility system 10 and the network authentication system 20 can be easily linked simply by adding (add-on) the linkage control device 30 to the existing system, so that no effort is required for network construction. Therefore, it is possible to construct a network management system that can eliminate the connection of the user who has illegally entered the high security level to the network at a low cost.

  In addition, since the cooperation control device 30 is provided, it is not necessary for the authentication server 23 to execute useless authentication processing in response to a suspicious network authentication request requested from the terminal device 21n. The load can be greatly reduced.

  As described above, according to the present embodiment, on the condition that a communication capable of communication with the facility system 10 is newly established, the communication is not possible by the cooperation control device 30 during the period. Retrospective entry / exit information is requested to the facility system 10. As a result, it is possible to acquire the entrance / exit information managed in the facility system 10 while communication is impossible on the cooperation control device 30 side. Therefore, it becomes possible to match the current occupancy state of the user in the security level area with the occupancy state managed on the cooperation control device 30 side.

  Moreover, according to this embodiment, with reference to the acquisition log memory | storage part 40 which memorize | stores the time which acquired the entrance / exit information from the equipment system 10, the state adjustment time is set. Thereby, it becomes possible to acquire entrance / exit information corresponding to a period during which communication between the facility system 10 and the cooperation control device 30 was impossible. Therefore, it is possible to acquire only information that could not be reflected in the cooperation control device 30 without acquiring extra information.

  In the present embodiment, the acquisition time storage unit 40 that stores the time when the entry / exit information is acquired from the facility system 10 is referred to to set the state adjustment time, but the present invention is not limited to this. For example, the cooperation control apparatus 30 uses the last time when the staying state area number information or the entry time information of the staying state of the internal database 33, that is, the authentication state storage unit 33B, is stored (updated) as the state adjustment time. It may be set.

  In a case where a long time has elapsed since communication with the facility system 10 has become impossible, a large number of room entry / exit operations may be performed in the facility system 10 during that time. Therefore, when entry / exit information is requested retroactively to the state adjustment time, an enormous amount of entry / exit information must be processed, which may increase the processing load on the cooperation control device 30. Therefore, the state adjustment unit 43 sets a reference period in advance, for example, 24 hours, and sets the time (upper limit time) that goes back to the reference period from the timing when a communicable connection is established. Compare the time. When the state adjustment time is older than the upper limit time, that is, when the state adjustment time exists before the upper limit time, the entrance / exit information corresponding to the upper limit time or later is stored in the facility system 10. May be requested. Thereby, since the amount of entry / exit information to be processed in accordance with the state adjustment in the cooperation control device 30 can be limited, the processing load on the cooperation control device 30 can be reduced.

  Further, from the viewpoint of simplifying the system configuration, the time when the entry / exit information is acquired need not be stored. In this case, a time (reference time) traced back for a predetermined period after establishment of a communicable connection may be set as the state adjustment time. However, in this case, the entry / exit information corresponding to before the reference time cannot be reflected on the cooperative control device 30 side, but the final state of the occupancy state only needs to be reflected on the cooperative control device 30 side. Therefore, if the user performs an entry / exit operation after the reference time, the state can be reflected on the cooperation control device 30 side.

(Second Embodiment)
FIG. 8 is a block diagram showing the configuration of the network management system according to the second embodiment of the present invention. The network management system 1 according to the second embodiment is different from that of the first embodiment in that the facility system 10 manages the entrance and exit of the first high security level area. 10a and a second facility system 10b that manages entry / exit of a second advanced security level area different from the first advanced security level area. The first and second facility systems 10a and 10b perform authentication processing for all users who wish to enter the individual advanced security level areas, and authenticate only legitimate users registered in advance. Allow entry into security level area. In addition, the first and second facility systems 10a and 10b perform an authentication process on a user who wants to leave the individual high security level area, and permits the user to leave the high security level area. The low security level area and the high security level area are separated from each other by a door provided with an electric lock that can be locked and unlocked by an electric action. In addition, about the structure of each facility system 10a, 10b, the network authentication system 20, and the cooperation control apparatus 30, it is as having explained in full detail in 1st Embodiment, The detailed description is attached | subjected by attaching | subjecting the same code | symbol. Is omitted. Hereinafter, the state matching process by the cooperation control apparatus 30 for the first and second facility systems 10a and 10b, which is one of the features of the present embodiment, will be described.

  FIG. 9 is a timing chart illustrating the operation of the state matching process executed by the cooperation control device 30 according to the second embodiment. First, it is assumed that the user enters the room from the door managed by the first equipment system 10a from the low security level area to the first high security level area where the network is constructed (entrance / exit operation a). Specifically, the user puts the IC card 2 in the room card reader 11. In response to this, the entrance / exit control unit 13 reads the information stored in the semiconductor memory of the IC card 2, authenticates the card ID, and unlocks the locked electric lock.

  In the first equipment system 10a, the entrance / exit control unit 13 includes a card ID read from the IC card 2, an entrance door ID that uniquely identifies the door that unlocks the electric lock, and information indicating that the entrance is present. The operation time that is the current time is associated with each other, and the associated information is stored in an entry / exit log recording unit (not shown) as entry / exit information. In addition, the entrance / exit control unit 13 uniquely identifies the card ID read from the IC card 2 and the door that unlocks the electric lock, on the assumption that the communication connection with the cooperative control device 30 is established / released. The entry door ID, the information indicating that the room is entered, and the operation time are transmitted as entry / exit information to the cooperation control device 30.

  On the premise of such a series of operations, in step 30 (S30), the cooperation control apparatus 30 authenticates the entry / exit information a from the first facility system 10a via the external system I / F 31. The data is converted so that it can be used in processing, and is stored in the authentication status storage unit 33B of the internal database 33, and the current occupancy status of the user in the high security level area of the equipment system 10 is stored. The cooperation control device 30 stores the current time when the entry / exit information a is acquired in the acquisition log storage unit 40. In addition, in the acquisition log memory | storage part 40, from the viewpoint of reduction of processing load, it is not memorize | stored from which equipment system 10a, 10b from which entrance / exit information was acquired. That is, only the time when the entrance / exit information is simply acquired is stored.

  In step 31 (S31), the survival confirmation unit 41 of the cooperation control device 30 acquires the survival confirmation transmitted from the first equipment system 10a and the second equipment system 10b according to a predetermined execution cycle. The survival confirmation unit 41 uses the survival confirmation from the first equipment system 10a and the survival confirmation of the second equipment system 10b as processing targets, and has been counted since the previous survival confirmation was acquired. With reference to the time, it is determined whether or not a survival confirmation is acquired during a predetermined waiting time. This waiting time is set to a value larger than the execution period of the survival confirmation transmitted from the first and second facility system 10a, 10b. The survival confirmation transmitted from the first equipment system 10a and the second equipment system 10b does not need to be performed synchronously, and the cooperative control device 30 does not perform the individual equipment systems 10a and 10b. Can be confirmed independently.

  When the survival confirmation unit 41 determines that the survival confirmations acquired from the first equipment system 10a and the second equipment system 10b are acquired during the waiting time, the first equipment system 10a and the second equipment system 10a It is detected that communication with the second facility system 10b is possible. When it is detected by the existence confirmation unit 41 that communication is possible, the cooperation control device 30 stands by in order to acquire new entry / exit information from the first and second facility systems 10a, 10b.

  On the other hand, in step 32 (S32), the survival confirmation unit 41 determines that the elapsed time has reached the waiting time in one or both of the survival confirmations transmitted from the first and second facility system 10a, 10b. Then, it detects that communication with the facility system 10a, 10b is impossible. In the present embodiment, for example, it is assumed that communication with the second facility system 10b is impossible.

  When it is detected by the existence confirmation unit 41 that communication is impossible, in step 33 (S33), the communication control unit 42 presents between the first equipment system 10a and the second equipment system 10b. Disconnect each established communication connection. Then, the communication control unit 42 requests each of the first equipment system 10a and the second equipment system 10b to establish a new communication connection. For example, in the case where the connection is physically disconnected, even if the communication control unit 42 requests the second equipment system 10b to establish a new communication connection, the second equipment system 10b Since it does not respond to this, the connection between the 2nd installation system 10b and the cooperation control apparatus 30 is not established. On the other hand, when the communication control unit 42 requests the first equipment system 10a to establish a new communication connection, the first equipment system 10a and the linkage control device 30 are physically connected. Therefore, the first equipment system 10a responds to this, and the communication control unit 42 establishes a connection with the first equipment system 10a. However, the communication control unit 42 is connected to the first equipment system 10a unless connection is established with all equipment systems, that is, unless connection is established with the second equipment system 10a. Even if a connection is established between them, the connection is not released. If the second equipment system 10b does not respond to the connection establishment request despite the connection establishment request, the communication control unit 42 establishes the communication connection at a predetermined execution cycle, that is, after a predetermined time has elapsed. Perform a new establishment request.

  Even in such a situation, the first facility system 10a and the second facility system 10b manage the user's entry into and exit from each high security level area. For example, it is assumed that the user enters the room from the door managed by the entrance / exit control unit 13 of the first equipment system 10a from the low security level area to the first high security level area where the network is constructed ( Entry / exit operation b). In this case, similarly to step 1, in the first equipment system 10a, the card ID read from the IC card 2, the entrance door ID that uniquely identifies the door that unlocked the electric lock, and the entrance is indicated. The information and the operation time that is the current time are associated with each other, and the associated information is stored in an entry / exit log recording unit (not shown) as entry / exit information b.

  Further, it is assumed that the user enters the room from the door managed by the entrance / exit control unit 13 of the second equipment system 10b from the low security level area to the second high security level area where the network is constructed ( Entry / exit operation b). In this case, similarly to step 1, in the second equipment system 10b, the card ID read from the IC card 2, the entrance door ID that uniquely identifies the door that unlocked the electric lock, and the entrance is indicated. The information and the operation time that is the current time are associated with each other, and the associated information is stored in an entrance / exit log recording unit (not shown) as entrance / exit information.

  In addition, since the connection between the 2nd installation system 10b and the cooperation control apparatus 30 is not established, the connection between the 1st installation system 10a and the cooperation control apparatus 30 is not open | released. Therefore, the cooperation control apparatus 30 does not acquire the entrance / exit information b and c from the first equipment system 10a and the second equipment system 10b, respectively.

  In step 34 (S34), the communication control unit 42 issues a connection establishment request to the second facility system 10b in response to the arrival of a predetermined execution cycle. When the physical disconnection state between the second equipment system 10b and the cooperation control device 30 is restored at a certain timing, such as cable replacement / reconnection, the second equipment system 10b In order to respond to this, the communication control unit 42 establishes a communication connection with the second facility system 10b. And the communication control part 42 opens each connection synchronously, after determining that the connection which can communicate between all the installation type | system | group systems 10a and 10b was established.

  In step 35 (S35), the state matching unit 43 requests the first and second equipment system 10a, 10b for state matching. As a premise of this request, the state matching unit 43 searches the acquisition log storage unit 40 and specifies the latest acquisition time when the entry / exit information is acquired from the first facility system 10a or the second facility system 10b. . When the state acquisition unit 43 sets the specified acquisition time as the state adjustment time, the entry / exit information corresponding to the state adjustment time and thereafter is sent to the first equipment system 10a and the second equipment system 10b. To request each. Specifically, the state adjustment unit 43 transmits the state adjustment time to the first facility system 10a and the second facility system 10b together with the transmission request for the entry / exit information.

  In the first equipment system 10a, the entrance / exit control unit 13 obtains the entry / exit information transmission request and the state adjustment time from the cooperation control device 30, and refers to the entrance / exit log storage unit using the state adjustment time as a key. Then, the entry / exit information b stored in response to the entry / exit operation b later in time than the state adjustment time is searched. When the entrance / exit control unit 13 reads the entrance / exit information b from the entrance / exit log storage unit, the entrance / exit control unit 13 outputs this information to the linkage control device 30. Further, in the second facility system 10b, the entrance / exit control unit 13 acquires the entry / exit information transmission request and the state adjustment time from the cooperative control device 30, and uses the state adjustment time as a key to enter / exit log storage unit. , The stored / exit information c stored in response to the enter / exit operation c later in time than the state adjustment time is searched. When the entrance / exit control unit 13 reads the entrance / exit information c from the entrance / exit log storage unit, the entrance / exit control unit 13 outputs this information to the linkage control device 30.

  In step 36 (S36), when the cooperation control apparatus 30 acquires the entry / exit information b from the first equipment system 10a via the external system I / F 31, it converts the information to be used in the authentication process, The authentication status storage unit 33B of the database 33 stores the current occupancy status of the user in the high security level area of the equipment system 10. In step 37 (S37), when the cooperation control apparatus 30 acquires the entry / exit information c from the second equipment system 10b via the external system I / F 31, the cooperation control apparatus 30 converts the information so that it can be used in the authentication process. Then, it is stored in the authentication state storage unit 33B of the internal database 33, and the current occupancy state of the user in the high security level area of the equipment system 10 is stored.

  As described above, according to this embodiment, when communication with at least one of the first facility system 10a and the second facility system 10b becomes impossible, the facility system that can communicate is included. Communication connection with all the facility systems 10a and 10b is interrupted. Then, on the condition that a communicable connection has been established between the two equipment systems 10a and 10b, a state matching process is performed on each of the equipment systems 10a and 10b.

  For example, in the state where only the first facility system 10a becomes abnormal and the entry / exit information cannot be acquired from the first facility system 10a as in the above-described embodiment, the second facility system 10b If the entrance / exit information is acquired, the state acquisition time is set to the latest acquisition time acquired from the second equipment system 10b. Therefore, when the state adjustment process is performed based on this state adjustment time, there is a possibility that the entry / exit information acquired from the first equipment system 10a may be deficient.

  In this regard, according to the present embodiment, such inconvenience is solved by cutting off the communication connection of each of the facility systems 10a and 10b and performing a state adjustment process after establishing a connection capable of communicating with each other. can do. As a result, it becomes possible to match the current occupancy state of the user in the security level area with the occupancy state managed on the cooperation control device 30 side.

  By the way, the time when the entrance / exit information for the first and second equipment systems 10a, 10b is acquired is stored, and the time corresponding to the first equipment system 10a that has become unable to communicate is stored. It is also conceivable to perform the state matching process after referring to. However, according to such a method, it is necessary to specify the facility system 10a that is the transmission source of the entry / exit information, and there is a risk that the processing may be complicated. Can do.

  The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made depending on the design and the like as long as the technical idea according to the present invention is not deviated from this embodiment. Of course, it is possible to change.

  For example, in the first or second embodiment described above, the high security level area and the low security level area are separated by a door or the like, and the facility system allows the movement to each area according to the authentication process. The present invention is not limited to this. The equipment system 10 may be an equipment system that recognizes users in the high security level area and the low security level area that communicate with each other in addition to a closed area with a door or the like therebetween. In this equipment system, wireless communication between a non-contact IC card 2 owned by a user and a zone monitoring sensor installed in a common zone that is a low security level area or a specific zone that is a high security level area, A card ID is obtained from the IC card 2 owned by the user, and authentication processing is performed by the authentication control unit, thereby recognizing the user existing in each zone. The IC card 2 used in this equipment system has a function equivalent to, for example, an active RFID (Radio Frequency IDentification) tag. In such an equipment system, among the information stored in the IC card 2 owned by the user, the card ID that is the authentication information for uniquely identifying the IC card 2 and the zone monitoring sensor that has acquired the card ID are unique. The device ID to be specified is transmitted from the authentication control unit to the cooperation control device 30 described later. With such a configuration, the system may manage not only entering / exiting a closed area but also entering / exiting a specific area (entrance / exit).

1 is a block diagram showing the configuration of a network management system according to a first embodiment The block diagram which shows the system configuration | structure of the cooperation control apparatus 30 Explanatory drawing which shows an example of the information memorize | stored and held by the user information storage part 33A, and its content Explanatory drawing which shows an example of the information memorize | stored in the authentication status memory | storage part 33B, and its content Explanatory drawing which shows an example of the information memorize | stored and held in the system information storage part 33C, and its content The timing chart which shows the operation | movement of the state matching process performed by the cooperation control apparatus 30 concerning 1st Embodiment. Timing chart showing basic processing operation of the network management system 1 using the cooperation control device 30 The block diagram which shows the structure of the network management system concerning 2nd Embodiment. The timing chart which shows the operation | movement of the state adjustment process performed by the cooperation control apparatus 30 concerning 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Network management system 2 IC card 10 Equipment system 10a 1st equipment system 10b 2nd equipment system 11 Entrance card reader 12 Exit card reader 13 Entrance / exit control unit 20 Network authentication system 21n Terminal device 22 Authentication device 23 Authentication Server 30 Cooperation Control Device 31 External System I / F
32 Information conversion unit 33 Internal database 33A User information storage unit 33B Authentication status storage unit 33C System information storage unit 34 Network I / F
35 RADIUS Authentication Unit 35A Authentication Request Relay Unit 35B Request Relay Determination Unit 35C Device Setting Storage Unit 36 Authentication Processing Unit 37 Authentication Status Control Unit 38 Information Management Unit 39 Authentication Log Storage Unit 40 Acquisition Log Storage Unit 41 Survival Confirmation Unit 42 Communication Control Unit 43 Conditioning section

Claims (5)

Network authentication constructed in an area managed by the entrance / exit management device and the entrance / exit management device for managing the user's entrance / exit in a predetermined area according to the authentication processing result based on the authentication target information that uniquely identifies the user The system is connected to each other, and from the entry / exit management device , information on the user's entry / exit in the area is obtained as entry / exit information, and the user's occupancy state in the area is based on the obtained entry / exit information In the entrance / exit information device that manages
An occupancy state storage unit that stores the occupancy state of the user in the area according to the entry / exit information acquired from the entry / exit management device;
A survival confirmation unit that detects that communication with the entry / exit management device is impossible,
A communication control unit for establishing a communication connection with the entrance / exit management device;
After the existence checking unit detects that communication with the room entry / exit management device is impossible, the communication control unit establishes a communicable connection with the room entry / exit management device. A status matching unit for requesting the entrance / exit management device for the entrance / exit information traced back to a period during which communication with the entry / exit management device was impossible;
Based on the network authentication request from the network authentication system and the occupancy status of the user stored in said occupancy status storage unit, and having a said network authentication processing unit that performs authentication processing of the authentication system Entrance / exit information device. An acquisition log storage unit that stores the time when the entry / exit information is acquired from the entry / exit management device as an acquisition time;
The state adjustment unit specifies the acquisition time of the entry / exit information acquired most recently by searching the acquisition log storage unit, sets the specified acquisition time as the state adjustment time, and the set The entry / exit information device according to claim 1, wherein the entry / exit information corresponding to the state adjustment time or later is requested to the entry / exit management device.   The state adjustment unit compares an upper limit time traced back to a preset reference period and the state adjustment time, and the state adjustment time is present in time before the upper limit time. The entrance / exit information device according to claim 2, wherein the entrance / exit information corresponding to the upper limit time or later is requested to the entrance / exit management device.   The communication control unit, after disconnecting the communication connection established with the entry / exit management device when the existence confirmation unit detects that communication with the entry / exit management device is impossible, 4. The entry / exit information device according to any one of claims 1 to 3, wherein the entry / exit management device is requested to establish a new communication connection. The entrance / exit management device is configured by a plurality of entrance / exit management devices that manage user entrance / exit in different areas.
The communication control unit, when it is detected by the survival confirmation unit that communication with at least one entry / exit management device among the plurality of entry / exit management devices is impossible, After disconnecting each communication connection established during the period, requesting each of the plurality of entrance / exit management to establish a new communication connection,
When the communication control unit establishes a communicable connection with each of the plurality of entrance / exit management devices, the state adjustment unit manages at least one of the plurality of entrance / exit management devices. 5. The entrance / exit information device according to claim 4, wherein the entrance / exit information is requested to each of the plurality of entrance / exit management devices, dating back to a period during which communication with the device was impossible.

Images