JP5278256B2 - Card management system - Google Patents

Description

  The present invention relates to management of validity / invalidity of an IC card when using a computer using the IC card, and more particularly, to an IC card automatic allocation technique for preventing a decrease in security.

  Conventionally, an IC card is used in various commercial transactions. At this time, in order to prevent unauthorized use of the IC card, the IC card is validated or invalidated when a predetermined condition is satisfied (see, for example, Patent Documents 1 and 2).

Japanese Patent Laid-Open No. 3-1289 JP 2006-253762 A

  If a regular IC card (regular card) is lost, a temporary IC card (temporary card) is issued and the service is received with the temporary card so that the user can receive the service. It is. In this case, it is necessary to invalidate the lost legitimate card so that it cannot be used illegally. When a lost regular card is found, it is necessary to re-validate the found regular card and invalidate the temporary card. Whether the regular card is lost or found, it is necessary to make one card valid and the other card invalid, and there is a problem that security is lowered if one process is not performed.

  Accordingly, an object of the present invention is to provide a card management system capable of preventing a decrease in security when a regular card is lost or when a regular card is found.

  In order to solve the above problems, in the present invention, the management server is a system that is connected to an administrator PC and a client PC via a network and manages a regular card that is a regular card and a temporary card that has been temporarily issued. The administrator PC includes a card reading unit that reads a card ID from a card, and a unit that transmits the read card ID to the management server. The management server includes a user ID, a card ID, and a card status. User / card information storage means that records the card type in association with the user / card information, card information storage means that stores the card ID used in the client PC, and the card ID and operation received from the administrator PC The user ID selected on the screen is associated with the user / card information storage means and registered. The card status of the regular card corresponding to the user ID registered in the user / card information storage means is set to a state that is not “valid”, and the user / card information storage means is set according to the card ID received from the administrator PC. A card having user / card information setting means for setting the card status of the temporary card stored in the card to invalid and setting the card status of the regular card stored in the user / card information storage means to “valid” Provide a management system.

  According to the present invention, the user / card information storage means stores the user ID, the card ID, the card status, and the card type in association with each other, and associates the card ID of the read temporary card with the selected user ID. The temporary card is validated by registering it in the user / card information storage means, and the card status of the regular card corresponding to the registered user ID is set to a state that is not “valid” (“invalid” or “temporarily invalid”). Since the regular card is invalidated, when the regular card is lost, the regular card and the temporary card are not activated at the same time, and it is possible to prevent the security from being lowered.

  According to the present invention, it is possible to prevent a decrease in security even when a regular card is lost or a regular card is found.

1 is a schematic configuration diagram showing an embodiment of a card management system according to the present invention. It is a functional block diagram showing one embodiment of a card management system concerning the present invention. 4 is a diagram illustrating an example of information stored in a user / card information storage unit 11. FIG. It is a figure which shows an example of the information memorize | stored in the card information storage part. 4 is a diagram illustrating an example of information stored in an administrator authentication unit 18. FIG. It is a flowchart which shows the processing operation of the card management system at the time of a regular card loss. It is a flowchart which shows the processing operation of the card management system in the case of validating a regular card first at the time of a regular card discovery. It is a flowchart which shows the processing operation of a card management system in the case of reissuing a regular card. It is a figure which shows the correspondence of a user and a card | curd at the time of applying this invention to an employee ID card.

(1. System configuration)
DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described in detail with reference to the drawings. FIG. 1 is a schematic configuration diagram showing an embodiment of a card management system according to the present invention. The card management system according to the present embodiment includes a management server that manages a plurality of client PCs (PC terminals), an administrator PC that is a terminal device that is used directly when an administrator enables / disables a temporary card, and a card As a result of the authentication by the client PC, it is configured by a client PC whose use is determined. Each of the administrator PC and the client PC is provided with an IC card R / W (reader / writer). In this specification, a card means a portable storage medium that records a card ID. In this specification, the following description will be given assuming an IC card which is one form of the card.

  FIG. 2 is a functional block diagram showing an embodiment of the card management system according to the present invention. The card management system according to the present embodiment includes an administrator PC 20 that is a terminal device used directly when an administrator enables / disables a temporary card, a management server 10 that centrally manages a plurality of clients 40, a client It is comprised by PC40.

  The management server 10 includes a user / card information storage unit 11, a card information storage unit 12, a user / card information setting unit 13, a network communication unit 15, a card authentication unit 16, a regular card reissue unit 17, and an administrator authentication unit 18. Have. The user / card information storage unit 11 stores association information between a user ID and a card ID. The card information storage unit 12 stores a card ID that can be used in the present system. A card that is not registered in the card information storage unit 12 cannot be registered in the user / card information storage unit 11. The user / card information storage unit 11 and the card information storage unit 12 are realized by a storage device such as a hard disk connected to the management server 10. The user / card information setting unit 13 performs processing for validating the temporary card and processing for invalidating the temporary card. The network communication unit 15 communicates with the administrator PC 20 and the client 40 via the network. The card authentication unit 16 authenticates the card read by the client 40. The regular card reissue unit 17 performs processing for reissuing a regular card. The administrator authentication unit 18 holds a user ID having administrator authority, and performs administrator authentication for validating / invalidating a temporary card by authenticating a card set by the administrator on the card R / W 27. . Note that a user ID and password may be used for administrator authentication. The management server 10 is realized by incorporating a dedicated program for realizing the above components into a general-purpose computer.

  Here, information recorded in the management server 10 will be described. 3 is a diagram illustrating an example of information stored in the user / card information storage unit 11, FIG. 4 is a diagram illustrating an example of information stored in the card information storage unit 12, and FIG. It is a figure which shows an example of performed information. As shown in FIG. 3, the user / card information storage unit 11 stores a user ID, a card ID, a card status, a card type, a card activation date / time, and a card invalidation date / time in association with each other. Whether the card is valid / invalid is determined by the value of the card status. In the normal state, as shown in FIG. 3A, the user / card information storage unit 11 uses the card ID of the regular card (in FIG. 3A, the card with the card ID “001” is the regular card). The card status corresponding to.) Is “valid”. If the registered card is a temporary card, the card type is checked. The card activation date / time and the card invalidation date / time are set to the date / time when the corresponding card status becomes valid and the date / time when it becomes invalid. Thereby, it is possible to know retroactively who used which temporary card during a specific period. As shown in FIG. 4, the card ID recorded on the card is registered in the card information storage unit 12 without distinguishing between a regular card and a temporary card. As illustrated in FIG. 5, the administrator authentication unit 18 stores a user ID of a user having administrator authority. The administrator authenticating unit 18 authenticates only the administrator having the user ID stored therein as a valid administrator, and permits the card validation / invalidation work.

  The administrator PC 20 includes a network communication unit 23, an R / W driver 25, an administrator information processing unit 26, and a card R / W 27. The network communication unit 23 communicates with the management server 10 via the network. The R / W driver 25 controls the card R / W 27. The administrator information processing unit 26 displays necessary information on a display means (not shown), prompts the administrator to input and select information, and sends the input and selected information via the network communication unit 23. Are transmitted to the management server 10 and cooperate with the management server 10 to perform processing necessary for administrator authentication, card validation, and invalidation. The administrator PC 20 is realized by incorporating a dedicated program for realizing the above components into a general-purpose computer.

  The card R / W 27 reads data from the card and writes data to the card. When the card is an IC card, the card R / W 27 is realized by a commercially available IC card R / W. Instead of the card R / W, a card reader having only a reading function may be adopted. The card reading / writing method may be either a contact type or a non-contact type.

  The client PC 40 includes a network communication unit 41, a usability management unit 42, an R / W driver 43, and a card R / W 44. The network communication unit 41 communicates with the management server 10 via the network. The usability management unit 42 stores settings as to whether or not the client PC 40 can be used, and is realized by an external storage device such as a hard disk. The R / W driver 43 controls the card R / W 44. The card R / W 44, like the card R / W 27, reads data from the card and writes data to the card. When the card is an IC card, the card R / W 44 is realized by a commercially available IC card R / W. Is done. The client PC 40 is realized by incorporating a program for realizing the above components into a general-purpose computer. Such a client PC 40 is a known one.

  Here, the card used in this embodiment will be described. In the present embodiment, a card ID capable of specifying the card is recorded in each card. A card becomes a registered card when its card ID is registered in the card information storage unit 12, and is distinguished from an unregistered card whose card ID is not registered in the card information storage unit 12. The regular card and the temporary card are not subject to system processing, and are distinguished on the system depending on whether or not they are set as temporary cards in the user / card information storage unit 11. However, regular cards and temporary cards are usually distinguishable by appearance. Since a regular card is used for a specific user assuming a certain period of time, information identifying the individual user, such as a face photo, is printed on the surface. However, information that identifies an individual is not printed on the surface of a temporary card that may be used.

(2. Processing operation)
Next, the processing operation of the apparatus shown in FIG. 2 will be described. The card management system according to the present invention performs processing at two points in time when a regular card is lost and when a regular card is found. First, the case where the regular card is lost will be described with reference to the flowchart of FIG. When the regular card is lost, first, the administrator information processing unit 26 displays an administrator authentication screen on the display means in the administrator PC 20. The administrator here refers to a user who activates / inactivates a temporary card. On the administrator screen, a screen prompting the user to set a card is displayed, and the administrator sets his / her card in the card R / W 27. Next, the card R / W 27 reads the card ID from the set card. The administrator information processing unit 26 transmits the acquired card ID to the administrator authentication unit 18 via the network communication unit 23. The administrator authentication unit 18 acquires a user ID corresponding to the received card ID from the user / card information storage unit 11. The administrator authentication unit 18 determines whether or not the acquired user ID is registered as an administrator, that is, whether or not the acquired user ID exists in the data held by the administrator authentication unit 18. . When the acquired user ID is registered as an administrator, the administrator authentication unit 18 notifies the administrator information processing unit 26 through the network communication unit 15 that the authentication is successful. When the administrator information processing unit 26 receives information that the authentication is successful, the manager information processing unit 26 displays an operation screen for validating / invalidating the temporary card (S1). In addition, about authentication of an administrator, you may make it authentication by user ID and a password besides the authentication by card ID. In addition, the administrator can activate the temporary card (which will be explained later, the regular card that has been lost is also invalidated), and the invalidation of the regular card only (the temporary card is valid). It may be divided into administrators who can execute it. By separating the managers in this way, it is possible to prevent the temporary card that can be used by the client from being activated unnecessarily. Next, a card with no user ID set (a temporary card) is set in the card R / W 30. Then, the card R / W 30 reads the card ID from the set card (S2). When the administrator information processing unit 26 confirms that the card ID has been acquired from the card, the administrator information processing unit 26 displays a user selection screen for assigning a temporary card. Specifically, the user ID stored in the storage device of the administrator PC 20 is acquired as an assignable user, and is displayed so as to be selectable on the operation screen. On the operation screen, a type of set card (temporary card, regular card) is selected, and a list of user IDs associated with the set card is displayed. On the operation screen, the administrator selects the type of the set card as “temporary card”, and selects the user ID of the user who should set the temporary card from the list of user IDs (S3). When the administrator information processing unit 26 transmits the acquired card ID to the administrator authentication unit 18 via the network communication unit 23, the administrator authentication unit 18 sets the user ID corresponding to the received card ID to the user. If the card ID cannot be obtained from the card information storage unit 11, the administrator authentication unit 18 checks whether the card ID is registered in the card information storage unit 12. When the card ID is not registered in the card information storage unit 12, the administrator authentication unit 18 notifies the administrator information processing unit 26 that the card ID is not registered, and the administrator information processing The unit 26 displays a card ID registration screen for registration in the card information storage unit 12.

  On the operation screen displayed by the administrator information processing unit 26, selection of “temporary card” as the type of the set card, selection of the user ID, and card ID of the set card are registered in the card information storage unit 12. If it is confirmed, the system validates the temporary card by associating the selected user ID with the card ID acquired in S2 (S4). Specifically, first, the administrator PC 20 transmits the card ID acquired in S <b> 2 to the management server 10 via the network communication unit 23. In the management server 10, when the network communication unit 15 receives the card ID from the administrator PC 20, the user / card information setting unit 13 associates the received card ID with the user ID selected in S3 and stores the user / card information. Register to the unit 11 and set the corresponding card status to “valid”. Since the registered card is a temporary card, the card type is set to “temporary card”. In the card activation date and time, the date and time when the card status is set to “valid” is set. When the combination of the user ID and the card ID is registered in the user / card information storage unit 11 and the card status becomes “valid”, the temporary card having the card ID is set to the valid state.

  When the temporary card is validated, the system temporarily invalidates the regular card corresponding to the user ID set to the valid temporary card (S5). Specifically, the user / card information setting unit 13 sets the card status of the regular card corresponding to the user ID that registered the temporary card in S4 to “temporarily invalid”. By setting the card status to “temporarily invalid” in the user / card information storage unit 11, the regular card having the card ID is temporarily set to an invalid state. It is to be noted that only a regular card is set as “temporarily invalid” in the card status. The reason why the regular card is set to “temporarily invalid” is that it may be discovered later and registered again. For this reason, until a regular card is reissued to a certain user, it is not set to “invalid” but remains in a “temporarily invalid” state. However, since the client PC does not permit use regardless of whether the card status is “invalid” or “temporarily invalid”, there is no processing difference in this system. In this sense, “temporarily invalid” Is also one mode of “invalid”. On the other hand, since the temporary card is temporarily used until the regular card is found or reissued, the setting of “temporarily invalid” is not performed.

  Consider the case where a regular card is used in this state. In the following, it is assumed that the card ID “001” in FIG. 3 is a regular card and the card ID “002” is a temporary card. The management server 10 is connected to a plurality of clients 40 via a network, and grants the authority to use each client 40 by valid / invalid (including “temporarily invalid”) of the card. First, the state before the loss of the regular card is in the state of FIG. 3A. In this state, the regular card “001” is read by the attached card R / W 30 to the client 40, and the management server 10 is connected via the network communication unit 41. In the management server 10, the card authentication unit 16 refers to the user / card information storage unit 11 with the received card ID “001” and acquires the corresponding card status. In the case of the state of FIG. 3A, the card authenticating unit 16 acquires a “valid” status. When the “valid” status is acquired, the card authentication unit 16 returns a “valid” status to the client 40 via the network communication unit 15. In the client 40, when the “valid” status is received, the usability management unit 42 is changed from the unusable state to the usable state, and the user can use the client 40. At this time, even if the card “002” is set in the card R / W 30 attached to the client 40, the card ID “002” is not registered in the user / card information storage unit 11, and therefore the usability management unit 42 Remains unusable.

  Next, in the state of FIG. 3C, when the card ID of the regular card “001” is read by the attached card R / W 44 to the client 40 to be used and transmitted to the management server 10 via the network communication unit 41. In the management server 10, the card authentication unit 16 refers to the user / card information storage unit 11 with the received card ID “001” and acquires the corresponding card status. In the case of the state of FIG. 3C, the card authentication unit 16 acquires the status of “temporarily invalid”. When the “temporarily invalid” status is acquired, the card authentication unit 16 returns a “temporarily invalid” status to the client 40 via the network communication unit 15. In the client 40 to be used, when the “temporarily invalid” status is received, the usability management unit 42 is changed from the usable state to the unusable state, so that the user cannot use the client 40.

  Also, consider the case where a temporary card is used in this state. In the state of FIG. 3C, when the card ID of the temporary card “002” is read by the attached card R / W 44 to the client 40 to be used and transmitted to the management server 10 via the network communication unit 41, the management server 10, the card authentication unit 16 refers to the user / card information storage unit 11 with the received card ID “002”. In the state of FIG. 3C, since the card ID “002” is “valid” in the user / card information storage unit 11, the card authentication unit 16 sets the status of “valid” It returns to the client 40 via the network communication unit 15. When the client 40 to be used receives the “valid” status, the availability management unit is changed from the “unusable” state to the “usable” state, so that the user can use the client 40. Become. At this time, the temporary card “002” can be used as a card corresponding to the user ID “Y001” similarly to the regular card “001”.

  Next, the time of finding a regular card will be described with reference to the flowchart of FIG. When a regular card is found, first, the administrator information processing unit 26 displays an administrator authentication screen on the display means in the administrator PC 20. On the administrator screen, a screen prompting the user to set a card is displayed, and the administrator sets his / her card in the card R / W 27. Next, the card R / W 27 reads the card ID from the set card. The administrator information processing unit 26 transmits the acquired card ID to the administrator authentication unit 18 via the network communication unit 23. The administrator authentication unit 18 acquires a user ID corresponding to the received card ID from the user / card information storage unit 11. The administrator authentication unit 18 determines whether or not the acquired user ID is registered as an administrator, that is, whether or not the acquired user ID exists in the data held by the administrator authentication unit 18. . When the acquired user ID is registered as an administrator, the administrator authentication unit 18 notifies the administrator information processing unit 26 through the network communication unit 15 that the authentication is successful. When the administrator information processing unit 26 receives information that the authentication is successful, it displays an operation screen for validating / invalidating the temporary card (S11). On the operation screen, the user ID of the user of the authorized card is selected, and further the fact that the authorized card of the user has been found is selected (S12). Next, the regular card specified by the selected user ID is validated (S13). Specifically, first, the user / card information setting unit 13 searches for a card ID whose card status is “temporarily invalid” from the card corresponding to the user ID selected in S12. Then, the card status corresponding to the card ID is set to “valid”. For example, when the card ID is “001”, the state shown in FIG. 3C is changed to the state shown in FIG. When the card status is set to “valid” in the user / card information storage unit 11, the regular card having the card ID is set to the valid state.

  When the card status of the regular card is set to “valid”, the user / card information setting unit 13 sets the corresponding temporary card by setting the card status of the temporary card associated with the user ID of the regular card to “invalid”. The date and time when the card status is set to “invalid” is set as the card invalidation date and time (S14). For example, when the user ID is “Y001”, the state shown in FIG. 3D is changed to the state shown in FIG. In the example of FIG. 3E, the temporary card with the card ID “002” is set to an invalid state. By collecting the temporary card together with these settings, the collected temporary card can be used again by another user.

  In the process shown in FIG. 6, when a regular card is found, the process for validating the regular card is first performed as a process in the system, but the user ID of the regular card and the fact that the regular card has been found are selected. Thereafter, the temporary card may be invalidated first, and then the regular card may be validated.

  If a regular card is not found, it is necessary to reissue the regular card. In the present system, when the regular card is reissued, the temporary card can be invalidated. Next, processing when a regular card is reissued will be described using the flowchart of FIG. In addition, since the regular card used for reissuance is an unused (unregistered) card, it is necessary to register in the card information storage unit 12. When the regular card is reissued, first, the administrator information processing unit 26 displays the administrator authentication screen on the display means in the administrator PC 20. On the administrator screen, a screen prompting the user to set a card is displayed, and the administrator sets his / her card in the card R / W 27. Next, the card R / W 27 reads the card ID from the set card. The administrator information processing unit 26 transmits the acquired card ID to the administrator authentication unit 18 via the network communication unit 23. The administrator authentication unit 18 acquires a user ID corresponding to the received card ID from the user / card information storage unit 11. The administrator authentication unit 18 determines whether or not the acquired user ID is registered as an administrator, that is, whether or not the acquired user ID exists in the data held by the administrator authentication unit 18. . When the acquired user ID is registered as an administrator, the administrator authentication unit 18 notifies the administrator information processing unit 26 through the network communication unit 15 that the authentication is successful. When the administrator information processing unit 26 receives information that the authentication is successful, the manager information processing unit 26 displays an operation screen for validating / invalidating the temporary card (S31). Next, the regular card in which the card ID is recorded is set in the card R / W 27. Then, the card R / W 30 reads the card ID from the regular card (S32). Upon confirming that the card ID has been acquired from the regular card, the manager information processing unit 26 displays the set card type (regular card, temporary card, unregistered card) in a selectable manner. When the administrator instructs to select “unregistered card”, the administrator information processing unit 26 displays a user ID selection screen for assigning a regular card (S33).

  When a user ID is selected on the operation screen displayed by the administrator information processing unit 26, the system associates the input user ID with the card ID acquired in S32, thereby validating a new regular card. (S34). Specifically, the administrator PC 20 first transmits the card ID acquired in S32 to the management server 10 via the network communication unit 23 together with the user ID selected in S33. In the management server 10, when the network communication unit 15 receives the user ID and the card ID from the administrator PC 20, the card ID is registered in the card information storage unit 12. Next, the regular card reissue unit 17 registers the received user ID and card ID in the user / card information storage unit 11 in association with each other. Further, the regular card issuing unit 17 sets the card status corresponding to the card ID to “valid”. In the card activation date and time, the date and time when the card status is set to “valid” is set. When the card status is set to “valid” in the user / card information storage unit 11, the regular card having the card ID is set to the valid state. That is, a new regular card has been issued.

When the card status of the regular card is set to “valid”, the user / card information setting unit 13 determines the card status of the temporary card corresponding to the user ID and the lost regular card whose card status is “temporarily invalid”. The corresponding temporary card and the lost regular card are invalidated by setting the card status to “invalid” (S35). Further, the date and time when the card status is set to “invalid” is set as the card invalidation date and time. As a result of the processing in S34 and S35,
For example, when the user ID is “Y001”, the state shown in FIG. 3C is changed to the state shown in FIG. In the example of FIG. 3F, the temporary card with the card ID “002” and the lost regular card with the card ID “002” are set in an invalid state.

  The preferred embodiment of the present invention has been described above. However, the present invention is not limited to the above embodiment, and various modifications can be made. For example, in the above embodiment, the client PC is used as the target device connected to the management server 10, but if a gate management device that manages the entrance / exit gate is used as the target device, entry is restricted using a card. Can be used in cases.

  The present invention can be applied in various situations. For example, if a regular card is used as an employee ID card, use of a personal computer in the company and management of entrance / exit can be performed with the employee ID card. If the present invention is used for management of employee IDs in a company organization, if the employee ID is forgotten at home and the employee leaves the office, as shown in FIG. You can use the company's facilities without having to return for an employee ID card. At this time, since the employee ID is temporarily invalidated, fraud can be prevented. When an employee who has forgotten his / her employee ID card leaves the office on the day, as shown in FIG. 9 (b), the temporary ID card is invalidated to enable the employee ID card at home at the same time. Employee ID can be used.

  The present invention can be used in industries related to information processing. This is particularly effective when an ID card such as an employee ID card is composed of an IC card, authentication is performed using the IC card, and permission for entry / exit and use of the device is given.

DESCRIPTION OF SYMBOLS 10 ... Management server 11 ... User / card card information storage part 12 ... Card information storage part 13 ... User / card card setting part 15 ... Network communication part 16 ... Card authentication part 17 ... Regular card reissue unit 18 ... Administrator authentication unit 20 ... Administrator PC
23 ... Network communication unit 25 ... R / W driver 26 ... Administrator information processing unit 27 ... Card R / W
40 ... Client PC
41 ... Network communication unit 42 ... Usability management unit 43 ... R / W driver 44 ... Card R / W

Claims (4)

A management server is a system that is connected to an administrator PC and a client PC via a network and manages a regular card that is a regular card and a temporary card that is temporarily issued,
The administrator PC
Card reading means for reading the card ID from the card;
Means for transmitting the read card ID to the management server,
The management server
A user / card information storage means that records user / card information in association with a user ID, card ID, card status, and card type;
Card information storage means for storing a card ID used in the client PC;
The card ID received from the administrator PC and the user ID selected on the operation screen are associated with each other and registered in the user / card information storage unit, and also correspond to the user ID registered in the user / card information storage unit Set the card status of the regular card to a status that is not “valid”
According to the card ID received from the administrator PC, the card status of the temporary card stored in the user / card information storage means is set to invalid, and the regular card stored in the user / card information storage means User / card information setting means for setting the card status to “valid”,
A card management system comprising:   The card ID received from the administrator PC and the user ID selected on the operation screen are associated with each other and registered in the user / card information storage unit, and the temporary card stored in the user / card information storage unit 2. The card management system according to claim 1, further comprising a regular card reissue means for setting the card status of the lost regular card to invalid. A management server that is connected to the administrator PC and the client PC via a network and manages a regular card that is a regular card and a temporary card that is temporarily issued;
A user / card information storage means that records user / card information in association with a user ID, card ID, card status, and card type;
Card information storage means for storing a card ID used in the client PC;
The card ID received from the administrator PC and the user ID selected on the operation screen are associated with each other and registered in the user / card information storage unit, and also correspond to the user ID registered in the user / card information storage unit Set the card status of the regular card to a status that is not “valid”
According to the card ID received from the administrator PC, the card status of the temporary card stored in the user / card information storage means is set to invalid, and the regular card stored in the user / card information storage means User / card information setting means for setting the card status to “valid”,
A management server characterized by comprising:   A program for causing a computer to function as the management server according to claim 3.

Images