JP5207031B2 - Entrance / exit management system - Google Patents

Description

  The present invention relates to an entrance / exit management system using an anti-passback (route monitoring) that restricts / monitors a passage route when entering / exiting an important facility or a management target area.

In a conventional entrance / exit management system, access control based on an ID (ID for user identification) number of an IC card and anti-passback (path monitoring) based on a reader / writer ID or an area ID are performed. As an entrance / exit management system using such anti-passback (route monitoring), for example, in Patent Document 1 (Japanese Patent Laid-Open No. 2004-287991), a global anti-passback check is performed together with an ID determination to specify a specific area. It is an access control system that manages the access to and from, and it is used repeatedly by each passerby, and it is rewritten to store the traffic information that knows the current area that is rewritten every time it passes through the gate to enter and exit a specific area together with the ID number A portable storage unit that is provided in each of the plurality of gates for entering and exiting the specific area, and previously storing an ID number and a passage condition that are permitted to pass through each of the plurality of gates. The ID number and the traffic information are read from the unit, and the ID determination is performed based on the ID number permitted to pass in advance. In both cases, the portable storage unit generates a command for allowing a passer to pass if the traffic information matches a pre-stored traffic condition, and indicates that the vehicle is in the next area after passing the gate. There is described an access control system comprising an access controller that performs a global anti-passback check for rewriting traffic information.
JP 2004-287991 A

  However, in the route monitoring method described in Patent Document 1, access authority for each user recognition ID is registered in the reader / writer in advance, or is managed on the central server side and inquired by communication via the network. There is a problem that the operation maintenance efficiency is not good due to the huge amount of data maintenance when adding / deleting / updating users and installing a new IC card reader / writer.

  Further, in the anti-passback based on the reader / writer ID or the area ID, it is necessary to determine and register the traffic conditions according to the installation conditions for each card reader, and the initial setting work is complicated.

The present invention solves the various problems as described above, and the invention according to claim 1 surrounds the area of the highest security level in the management target area and the area of the highest security level. An entrance confirmation IC provided at the boundary between the security level area and the area where the security level gradually decreases in accordance with the surrounding stage further away from the highest security level area. An area of a certain security level, which consists of a card reader / writer, an IC card reader / writer for exit confirmation provided at the boundary between areas of different security levels, and an IC card whose security level can be rewritten by the IC card reader / writer And the next lower security level area All entry confirmation IC card reader-writer provided in the section, the security level of the IC card so as to raise one rewrites the security level of the IC card like Rutotomoni, areas of certain security level one below it All exit confirmation IC card reader / writers that are provided at the boundary with the security level area rewrite the security level of the IC card in the same way so as to lower the security level of the IC card by one. .

  According to the entrance / exit management system of the present invention, addition / deletion / update of a user and installation of a new card reader / writer in anti-passback (route monitoring) for restricting the passage route when entering / exiting an important facility or management target area In this case, it is possible to simplify the work of data maintenance and improve the operation management efficiency.

  Further, according to the entrance / exit management system of the present invention, it is possible to realize the installation conditions for each reader / writer simply by adjusting to the zoning, the initial setting work and the maintenance work can be simplified, and the system construction is flexible. Therefore, the initial setting work and the data maintenance work during operation can be saved.

  Further, according to the entrance / exit management system of the present invention, it is set so that the security level of its own IC card must be updated by the card reader / writer every time it enters / exits the user management target area. , Can prevent companion when entering and leaving.

  In addition, according to the present invention, since the card reader / writer is set so that the security level of its own IC card must be updated as described above, it is easy to grasp the number of persons existing in the management target area. Become.

  Further, according to the entrance / exit management system of the present invention, it is possible to flexibly cope with the security level being set according to a plurality of stages according to the status of the management target area.

  Further, when an existing facility is to be managed by the entrance / exit management system of the present invention, it can be realized simply by newly connecting a card reader / writer to the network.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram showing an appearance of an IC card reader / writer used in an entrance / exit management system according to an embodiment of the present invention, and FIG. 2 shows an IC card used in the entrance / exit management system according to the embodiment of the present invention. It is a figure which shows the block structure of a reader / writer. In such an IC card reader / writer, it is assumed that the system of this embodiment is installed inside and outside each room in the building.

  In the entrance / exit management system of this embodiment, such an IC card reader / writer is provided near both the entrance and exit of a predetermined door. The user who wants to enter or leave the IC card reader / writer holds the IC card that the user has, so that the IC card reader / writer can read the information stored in the IC card in a non-contact manner, or depending on the case. Updates the information stored in the IC card. The IC card reader / writer is configured to determine permission of entry / exit of the user, control of unlocking / locking of the electric lock of the door, and the like based on the read information of the IC card. For such entrance / exit management by the IC card reader / writer and the IC card, a conventionally known one can be used.

  1 and 2, 10 is an IC card reader / writer, 11 is a system bus, 12 is a CPU, 13 is a RAM, 14 is a ROM, 15 is a reader / writer control unit, 16 is a reader / writer unit, and 17 is a display panel control unit. , 18 is a display panel, 19 is an authentication indicator light control unit, 20 is an authentication indicator light, 21 is an audio control unit, 22 is a speaker, 23 is an input control unit, 24 is a numeric keypad, 26 is a communication control unit, and 27 is an external device. Each control unit is shown.

  The operation of the IC card reader / writer 10 is performed by the CPU 21 cooperating with each control unit based on a system program stored in the ROM 23 connected via the system bus 11. The RAM 13 functions as a temporary storage unit when the system program operates. The IC card reader / writer 10 has tamper resistance against analysis and unauthorized disassembly in the IC card reader / writer 10 by an analysis device.

  In FIG. 2, the main control of the IC card reader / writer 10 is performed by a CPU (central processing unit) 12 using a system program stored in the ROM 14 and working data stored in the RAM 13.

  The CPU 12 includes a display panel control unit 17 that drives the display panel 18, an authentication indicator light control unit 19 that drives the authentication indicator light 20, an audio control unit 21 that drives the speaker 22, and a numeric keypad 24 via the system bus 11. An input control unit 23 is connected to process the input.

  As shown in FIG. 1, the display panel 18 is presented to the user so as to hold the IC card he has.

  The authentication indicator lamp 20 displays the result of card authentication performed by the IC card reader / writer 10. The speaker 22 is configured to generate an electronic sound such as “beep” when the IC card is held over the reader / writer unit 16 and wireless communication with the IC card is successful.

  The numeric keypad 24 is used, for example, as a numeric key for inputting a password when the IC card is damaged.

  The reader / writer 16 that functions as a means for communicating with an IC card includes an antenna (not shown) that performs wireless communication with the IC card. This reader / writer 16 communicates with the IC card held in the antenna communication area based on the control of the CPU 12 and reads the data related to the card ID of the IC card. Write predetermined information. Further, based on the determination of the IC card reader / writer 10, the external device control unit 27 controls external devices such as an electric lock that performs locking and unlocking.

  Next, installation of the IC card reader / writer 10 configured as described above will be described. FIG. 3 is a diagram showing a state of the IC card reader / writer 10 installed near the door in the entrance / exit management system of the present embodiment.

  FIG. 3 shows a state in which a zone with a security level (N-1) and a zone with a security level N are separated by a door 200 and a wall surface. The IC card reader / writer provided in the zone having the security level N is assumed to be 10A, and the IC card reader / writer provided in the zone having the security level N-1 is assumed to be 10B. An electric lock 300 is provided on the door 200 and the wall surface, and the electric lock 300 is connected to a pair of IC card reader / writers 10A and 10B with the door 200 interposed therebetween.

  In the present embodiment, the entry / exit management target area is divided by the concept of zones, and one zone is given one security level. In the present embodiment, the higher the security level value, the more severe the security.

  In this example, the door has been described. However, such a pair of IC card reader / writers 10A and 10B is installed at a region boundary entry / exit location, and other examples include doors, gates, gates, and the like. Can be mentioned.

  As shown in FIG. 3, in the entrance / exit management system of this embodiment, a pair of IC card reader / writers 10 </ b> A and 10 </ b> B are provided near the entrance and exit of a predetermined door 200. A user who wants to enter / exit through the door 200 causes the IC card reader / writer 10A, 10B to read the IC card by holding the IC card held by the user over the IC card reader / writer 10A, 10B. The IC card reader / writers 10A and 10B perform control processing such as entry / exit permission determination and unlocking / locking of the electric lock 300 of the door 200 according to the information of the IC card possessed by the user.

  Next, the overall configuration of the entrance / exit management system according to the embodiment of the present invention will be described. FIG. 4 is a diagram showing a system configuration of the entire entrance / exit management system according to the embodiment of the present invention. In FIG. 4, 10A and 10B respectively indicate IC card reader / writer pairs. In FIG. 4, only three pairs of the IC card reader / writers 10A and 10B are exemplarily shown, but a necessary number of IC card reader / writers are provided in the entry / exit management target area.

  Next, the present embodiment will be described together with the method of zoning the entrance / exit management target area and the installation status of the IC card reader / writer in the entrance / exit management system. FIG. 5 is a diagram showing an installation example of the IC card reader / writer in the entrance / exit management system according to the embodiment of the present invention.

  FIG. 5 as a whole shows the entrance / exit management target area of this embodiment. In this example, the area A, area B, area C, and area D surrounded by site boundaries, walls, doors, doors, gates, etc. are set. Has been. A gate 210 and a gate 211 are provided at the boundary of the region D, a door 220, a door 221, a door 222, a door 223, and a door 224 are provided at the boundary of the region C, and a door 230 is provided at the boundary of the region B. The door 231, the door 232, and the door 233 are provided, and the door 240, the door 241, and the door 242 are provided at the boundary portion of the area A. The electric lock 300 and the pair of IC card reader / writers 10A and 10B described above are connected to these doors and gates. The plurality of pairs of IC card reader / writers 10A and 10B are connected to a communication line.

  The security level is set to 5 for the zone zoned inside the zone A, the security level is set to 4 for the zone between zone A and zone B, and the zone between zone B and zone C is the security level. Is set to 3, the security level is set to 2 for the area between the areas C and D, and the security level is set to 1 for the area outside the area D (the area outside the management target area).

  The area targeted by the entry / exit management system of the invention is not limited to the area shown in FIG. However, zoning the target area in such a manner that the security level gradually increases from outside the site is a universal basis for the present invention.

  All the IC card reader / writers 10B (for entering confirmation) provided at the boundary of the region D rewrite the security level stored in the IC card from 1 to 2.

  Further, all the IC card reader / writers 10A (for exit confirmation) provided at the boundary portion of the area D rewrite the security level stored in the IC card from 2 to 1.

  All the IC card reader / writers 10B (for entry confirmation) provided at the boundary of the area C rewrite the security level stored in the IC card from 2 to 3.

  Further, all the IC card reader / writers 10A (for exit confirmation) provided at the boundary of the area C rewrite the security level stored in the IC card from 3 to 2.

  All the IC card reader / writers 10B (for entering confirmation) provided at the boundary of the area B rewrite the security level stored in the IC card from 3 to 4.

  Further, all the IC card reader / writers 10A (for exit confirmation) provided at the boundary of the area B rewrite the security level stored in the IC card from 4 to 3.

  All the IC card reader / writers 10B (for entry confirmation) provided at the boundary of the area A rewrite the security level stored in the IC card from 4 to 5.

  Further, all the IC card reader / writers 10A (for exit confirmation) provided at the boundary of the area A rewrite the security level stored in the IC card from 5 to 4.

  In this way, the IC card reader / writer provided at the boundary between the two security levels is set so that any IC card reader / writer rewrites the security level stored in the IC card from the security level X to the security level Y. Therefore, route monitoring can be performed, so that complicated settings are not required for system construction.

  Also, with such a configuration, it is possible to simplify the work of data maintenance and improve operation management efficiency when adding, deleting, and updating users, installing a new IC card reader / writer 10, and the like.

  In addition, according to the above configuration, the installation conditions for each IC card reader / writer 10 can be realized only by matching the zones with different security levels, and the initial setting work and the maintenance work can be simplified. The flexibility of system construction can be improved, and the initial setting work and the data maintenance work during operation can be saved.

  Next, an IC card used for the entrance / exit management system according to the embodiment of the invention will be described. FIG. 6 is a diagram showing a block configuration of an IC card used in the entrance / exit management system according to the embodiment of the present invention. In FIG. 6, 100 is an IC card, 102 is a card ID data storage unit, 103 is a security level data storage unit, 104 and 105 are other data storage units, 111 is an antenna unit, 112 is a power generation unit, and 113 is communication control. Reference numeral 114 denotes an I / O unit, 115 denotes a CPU, and 116 denotes a memory.

  The IC card 100 has a wireless communication function, and is a non-contact type IC card that can transmit and receive information to and from other information devices. That is, the IC card 100 includes an antenna unit 111, a communication control unit 113 for communicating (communication) with the reader / writer 16 of the IC card reader / writer 10, the communication control unit 113, and the I / O unit 114. Connected to the CPU 115, the memory 116 storing predetermined card data in addition to the system program data, and the power wave from the IC card reader / writer 10 via the antenna unit 111, And a power generation unit 112 that generates driving power.

  The memory 116 includes a card ID data storage unit 102 that stores and holds identification information of the IC card 100 itself, a security authority data storage unit 103, a security level data storage unit 104, and other data that stores and holds other information. A storage unit 105 and the like are included. The number of other data storage units 105 is not limited to two, and a necessary number of data storage units 105 may be provided as necessary. Information related to entry / exit permission / denial corresponding to the card ID data of the IC card 100 is set in the security authority data storage unit 103. In other words, the security authority data stored in the security authority data storage unit 103 in the IC card 100 is configured to limit which IC card reader / writer 10 is permitted to be accessed.

  A unique ID is set for each of the IC card readers / writers 10A, 10B, and for each IC card 100, which ID of the IC card reader / writer 10A, 10B is permitted to enter or exit is a security authority. It is written and stored in the data storage unit 103. FIG. 7 is a diagram showing a data configuration example of the security authority data storage unit in the entrance / exit management system according to the embodiment of the present invention. FIG. 7 shows data stored in the security authority data storage unit 103 in an IC card 100. The left column in FIG. 7 shows the reader / writer ID assigned to each IC card reader / writer 10, and the right column shows the passage permission / non-permission flag. The passage permission / non-permission flag is a flag related to whether to allow passage by the IC card reader / writer 10 of the corresponding ID or not, for example, in the case of “1” Traffic permission is set, and when it is “0”, traffic is not permitted.

  Next, the operation of the entrance / exit management system according to the embodiment of the present invention configured as described above will be described. FIG. 8 is a view showing a flowchart of the entrance / exit determination process in the IC card reader / writer 10 of the entrance / exit management system according to the embodiment of the present invention. Such a flowchart is executed in the IC card reader / writer 10. Further, the IC card reader / writer 10 in which the processing of the flowchart shown in FIG. 8 is executed is located at the boundary between the security level N area and the next lower security level (N-1) area. Applies to everything provided. In particular, the flowchart of FIG. 8 is executed by the one installed in the area of the security level (N−1) in the boundary portion as described above.

  Note that, for those which are installed in the region where the security level of the boundary portion is N as described above, “write N to the security level data storage portion of the IC card” in step S107 of the flowchart of FIG. A flowchart in place of “write (N−1) to the security level data storage unit of the IC card” may be executed.

  In FIG. 8, when the entry / exit determination process is started in step S100, the process proceeds to step S101, and the corresponding reader / writer ID (the IC card 100 performs wireless communication without contact) in the security authority data storage unit 103 in the IC card 100. The passage permission / non-permission flag of the ID of the IC card reader / writer 10 that is being used is read.

  In step S102, it is determined whether or not a permission flag is set based on the read passage permission / non-permission flag.

  When the result of determination in step S102 is YES, the process proceeds to step S103, and when the result of determination in step S102 is NO, the process proceeds to step S108.

  In step S108, which proceeds when the result of determination in step S102 is NO, an NG lamp is turned on in the authentication indicator lamp 20, and a sound that gives an impression of non-approval is emitted from the speaker 22.

  In step S103, which proceeds when the determination result in step S102 is YES, the value "SL" in the security level data storage unit 103 of the IC card 100 is read.

  Next, in step S104, it is determined whether or not “SL = N−1 or SL = N” is satisfied. Note that the reason for not determining only whether or not “SL = N” is satisfied in step S104 is that when the user mistakenly holds the IC card 100 over the IC card reader / writer 10 several times, it cannot be unlocked. This is to prevent it from becoming impossible.

  When the determination result of step S104 is YES, the process proceeds to step S105, and when the determination result of step S104 is NO, the process proceeds to step S108. In step S108, which proceeds when the result of the determination in step S104 is NO, an NG lamp is turned on in the authentication indicator lamp 20, and a sound that gives an impression of non-approval is emitted from the speaker 22.

  In step S105, which proceeds when the determination result in step S104 is YES, an OK lamp is turned on in the authentication indicator lamp 20 of the IC card reader / writer 10, and a confirmation sound or the like is output from the speaker 22.

  In the next step S106, N is written in the security level data storage unit 103 of the IC card 100. In a succeeding step S107, the unlocking process of the electric lock 300 is executed.

  In step S109, the entry / exit determination process of the IC card reader / writer 10 is terminated.

  As described above, according to the entrance / exit management system of the present invention, in anti-passback (route monitoring) for restricting passage routes when entering / exiting important facilities and management target areas, addition / deletion / update of users and new card reader / writers are performed. When installing the system, it is possible to simplify the work of data maintenance and improve the operation management efficiency.

  Further, according to the entrance / exit management system of the present invention, the installation conditions for each IC card reader / writer 10 can be realized only by adjusting to the zoning, and the initial setting work and the maintenance work can be simplified. The construction flexibility can be improved, and the initial setting work and the data maintenance work during operation can be saved.

  Further, according to the entry / exit management system of the present invention, the security level of the IC card 100 must be updated by the IC card reader / writer 10 every time the user management area is entered / exited. Therefore, it is possible to prevent companion when entering and leaving.

  Further, according to the entrance / exit management system of the present invention, it is possible to flexibly cope with the security level being set according to a plurality of stages according to the status of the management target area.

  Further, when an existing facility is to be managed by the entrance / exit management system of the present invention, it can be realized simply by newly connecting the IC card reader / writer 10 to the network.

  Next, another zoning method for the entrance / exit management target area will be described. FIG. 9 is a diagram showing another installation example of the IC card reader / writer in the entrance / exit management system according to the embodiment of the present invention.

  9 shows the entrance / exit management target area of the present embodiment. In this example, the area A, the area A ′, the area B, the area C, which are surrounded by the site boundary, wall surface, door, door, gate, etc. Area D is set. The zoning in FIG. 9 is different from that in FIG. 5 in that the areas where the security level is set to 5 exist as areas A and areas A ′. The entrance / exit management system of the present invention can cope with such a case where zoning is performed in an enclave shape, and the various effects of the present invention described above can also be achieved by such zoning. Is.

  Next, another embodiment of the present invention will be described. In the present embodiment, by introducing a history management server, the number of persons existing in a zone of a predetermined security level can be grasped. FIG. 10 is a diagram showing the system configuration of the entire entrance / exit management system according to another embodiment of the present invention, and FIG. 11 shows the history in the history management server of the entrance / exit management system according to another embodiment of the present invention. It is a figure which shows the example of management data structure.

  In FIG. 10, 10A and 10B indicate IC card reader / writer pairs, and 400 indicates a history management server. Here, the operation will be described with particular attention to the IC card reader / writer 10A for exiting and the IC card reader / writer 10B for entering provided in the zone of security level N shown in FIG.

  When a predetermined IC card is processed, the IC card reader / writer 10A transmits data related to the IC card to the history management server 400 as exit log data. The IC card reader / writer 10B transmits data related to the IC card to the history management server 400 as room entry log data when processing of a predetermined IC card is performed. The history management server 400 receives the exit log data from the IC card reader / writer 10A and the entrance log data from the IC card reader / writer 10B, and manages the log data using the history management data as shown in FIG. 11, for example. By doing so, it is possible to grasp the number of people in the security level N zone. More specifically, the number of records managed by the history management data shown in FIG. 11 can be grasped as the number of persons existing in the security level N zone.

  FIG. 12 is a diagram showing a flowchart of history management processing for a zone with a security level N. The flowchart shown in FIG. 12 is processed in the history management server 400 in a subroutine. Further, the flowchart shown in FIG. 12 corresponds only to the zone with the security level N.

  In FIG. 12, when the N zone history management process is started in step S200, the process proceeds to step S201, where log data relating to the IC card processed from the reader / writer in the N zone is received.

  In step S202, it is determined whether the received log data is entry log data. When the determination result of step S202 is YES, the process proceeds to step S203, and when the determination result is NO, the process proceeds to step S204.

In step S203, a record relating to the IC card is added to the log data table (FIG. 11) of the zone with the security level N. (However, there is no duplication using the card ID as a key.)
In step S204, it is determined whether or not the received log data is exit log data. When the determination result of step S204 is YES, the process proceeds to step S205, and when the determination result is NO, the process proceeds to step S206.

In step S205, the record relating to the IC card is deleted from the log data table (FIG. 11) of the security level N zone. (However, there is no duplication using the card ID as a key.)
In step S206, predetermined error processing is executed.

  According to the embodiment as described above, it is possible to grasp the number of persons existing in a zone of a predetermined security level.

It is a figure which shows the external appearance of the IC card reader / writer used for the entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows the block configuration of the IC card reader / writer used for the entrance / exit management system which concerns on embodiment of this invention. In the entrance / exit management system of this embodiment, it is a figure which shows the mode of the IC card reader / writer installed in the door vicinity. It is a figure which shows the system configuration | structure of the whole entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows the example of installation of the IC card reader / writer in the entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows the block configuration of the IC card used for the entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows the data structural example of the security authority data storage part in the entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows the flowchart of the entrance / exit determination process in the IC card reader / writer 10 of the entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows another example of installation of the IC card reader / writer in the entrance / exit management system which concerns on embodiment of this invention. It is a figure which shows the system configuration | structure of the whole entrance / exit management system which concerns on other embodiment of this invention. It is a figure which shows the example of a log | history management data structure in the log | history management server of the entrance / exit management system which concerns on other embodiment of this invention. It is a figure which shows the flowchart of the log | history management process of the zone whose security level is N. FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... IC card reader / writer, 11 ... System bus, 12 ... CPU, 13 ... RAM, 14 ... ROM, 15 ... Reader / writer control unit, 16 ... Reader / writer unit , 17 ... Display panel control unit, 18 ... Display panel, 19 ... Authentication indicator light control unit, 20 ... Authentication indicator light, 21 ... Audio control unit, 22 ... Speaker, 23 ... Input control unit, 24 ... Numeric keypad, 26 ... Communication control unit, 27 ... External device control unit, 100 ... IC card, 102 ... Card ID data storage unit, 103 ... Security level data storage unit 104, 105 ... Other data storage unit, 111 ... Antenna unit, 112 ... Power generation unit, 113 ... Communication control unit, 114 ... I / O unit 115 ... PU, 116 ... Memory, 200 ... Door, 210, 211 ... Gate, 220, 221, 222, 223, 224 ... Door, 230, 231, 232, 233 ... Door, 240, 241, 242, door, 300, electric lock, 400, history management server

Claims (1)

The highest security level area in the managed area, and
An area that is provided so as to surround the area of the highest security level, and that has a security level that gradually decreases from the area of the highest security level according to a surrounding stage that is further away;
IC card reader / writer for entry confirmation provided at the boundary between areas of different security levels;
IC card reader / writer for exit confirmation provided at the boundary between areas of different security levels;
It consists of an IC card whose security level can be rewritten by an IC card reader / writer,
All the IC card reader / writers for confirming entry that are provided at the boundary between a certain security level area and the next lower security level area are designed to increase the IC card security level by one. the the same as rewriting Rutotomoni,
All exit card readers / writers at the boundary between a certain security level area and the next lower security level area are designed to lower the IC card security level by one. An entrance / exit management system characterized by rewriting in the same way .

Images