JP5324176B2 - Entrance / exit management system and control device thereof - Google Patents

Description

  The present invention relates to an entrance / exit management system capable of restricting / managing entrance / exit based on individual (user) identification information, and more particularly, to a method for distributing / registering information to an authentication apparatus.

  In the entrance / exit management system, information such as user identification information is registered in an authentication device installed at an entrance (door, etc.) of a management area (room, etc.). In the authentication device, the identification information of the user read by the authentication device is compared with the identification information registered in the authentication device to identify an individual (user) (authentication). Thereby, it is determined based on the setting whether to permit entry / exit (entrance / exit) for a predetermined management area for an authenticated individual (user) (entrance / exit permission determination).

  Authentication methods include an ID authentication method that uses an ID assigned to a card or the like owned by a user as identification information, and a biometric authentication method that uses a user's biometric information as identification information. The identification information refers to information that can identify an individual, such as an ID, a password, and user biometric information (for example, finger vein information).

  As an example of the configuration of the entrance / exit management system, there is a system in which an authentication device that performs authentication and a control device that performs entrance / exit permission determination and the like are connected. In this system, user information (including user identification information) is set in the control device, and user data such as user identification information is distributed from the control device to each authentication device. Is registered.

  Conventionally, as a method for distributing and registering identification information to an authentication device, a method of registering identification information of all users permitted to enter and exit the management area in each authentication device (first method) Method).

Moreover, as a prior art example, JP 2007-233576 A (Patent Document 1) describes a method for deleting identification information of a user who has left a management area.
JP 2007-233576 A

  However, in the first method described above, an authentication process is performed by comparing the identification information read by the authentication device with all of the plurality of identification information registered in the authentication device in accordance with the user's authentication operation. There is a need to do. Therefore, depending on the authentication method, there is a problem that the authentication process takes time in proportion to the number of users (the number of registered identification information or the amount of data). In particular, in the case of an authentication method in which the amount of data of one identification information is relatively large and the processing time is relatively long, or when a large number of users use the system, the authentication processing by the above verification takes a considerably long time. Will end up.

  In particular, in the case of the biometric authentication method, it is known that the larger the number of users (the number of registered identification information), the higher the acceptance rate (error) of others.

  As described above, the larger the number of users (such as the number of registered identification information), the greater the effect on the authentication performance and system performance due to the authentication processing time and error.

  The present invention has been made in view of the above problems, and its purpose is to provide identification information used for authentication processing in an authentication apparatus even when the number of users permitted to enter and exit a predetermined management area is large. It is to provide a technique capable of reducing the influence on the authentication performance and system performance due to the authentication processing time and error by reducing the number of registrations.

  Of the inventions disclosed in the present application, the outline of typical ones will be briefly described as follows. In order to achieve the above object, the present invention relates to a method for distributing / registering information (identification information, etc.) to an authentication device in an entry / exit management system, and has the following configuration.

  This entrance / exit management system includes, for example, a plurality of authentication devices installed at the entrances and exits of each area, and one or more control devices connected to the authentication devices at each entrance and exit. An authentication device is an authentication processing unit that identifies a user by comparing identification information read according to an authentication operation of a user entering and leaving the room and identification information registered as user information for each authentication device inside Have The control device uses the result of the processing of the authentication processing unit and the permission information to determine whether the user is allowed to enter or leave the room, and according to the result of the permission determination, an electric lock for the entrance / exit And an electric lock processing unit for controlling the above. As the management / setting information, the control device includes, for example, authentication device information about a plurality of authentication devices constituting the system, user information about a plurality of users who use the system, and user entry / exit. It holds permission information regarding the authentication device associated with the entrance / exit of the permitted area, and history information regarding user authentication and permission determination. Then, with the success of the user authentication and permission determination, the control device determines the authentication device (that is, the registration destination) with which the user may perform the next authentication operation, and uses the user information in the user information. A distribution processing unit that performs processing (first processing) for distributing user data including the identification information of the user to the authentication device and registering the user data therein. In addition, the authentication apparatus includes a deletion processing unit that performs a process (second process) of deleting the identification information of the user registered as the user information with the success of the user authentication and the permission determination.

  As one form, two authentication devices are installed on the entrance side and exit side for one entrance, one control device connected to the two authentication devices is installed, and each control device is Connected to each other.

  As a feature of this system, each authentication device holds identification information of a user who may perform an authentication operation soon among users permitted to enter and exit a predetermined area. Become. This feature is realized by determination of a registration destination and distribution processing (first processing) and deletion processing (second processing) of registration information by the control device. Therefore, user data (identification information) registered in each authentication apparatus is reduced.

  The effects obtained by typical ones of the inventions disclosed in the present application will be briefly described as follows. According to the present invention, even when the number of users permitted to enter and leave a predetermined management area is large, the number of registered identification information used for authentication processing in the authentication device can be reduced, resulting in the authentication processing time and error. The influence on authentication performance and system performance can be reduced. In particular, it is possible to realize performance improvement by shortening the authentication processing time and performance improvement by reducing errors in the case of biometric authentication.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

<Overview>
An entrance / exit management system according to an embodiment of the present invention will be described with reference to FIGS. Note that description of initial settings necessary for operating the present system and known processes (for example, history storage processes) that are less relevant to the present features will be omitted.

  First, the outline is shown in the processing example of FIG. 4 based on the system configuration of FIGS. The management information includes FIGS. The authentication operation of the user (for example, U1) is performed in the authentication device 2 (for example, R3) at the entrance (d2) of the management area (for example, the corridor 101 and the A office 102). The authentication method is a biometric authentication method that uses finger vein information as identification information. In accordance with the authentication operation of the user (U1), authentication processing in the authentication device 2 and entry / exit permission determination processing in the control device 1 are performed. At this time, the control device 1 determines the authentication device 2 (registration destination) that may be subjected to the authentication operation of the user (U1) next based on the history information 403, and the user (U1). The user data (including identification information) is distributed to the determined authentication device 2 (for example, R4, R7) and registered in the authentication device 2 (first process). Then, the control device 1 immediately deletes the user data of the user (U1) registered in the authentication device 2 (R3) in which the authentication operation is performed and the authentication and the entry / exit permission determination are normally performed. (Second process). Thereby, the number (amount) of user data registered in each authentication apparatus 2 is reduced.

  In particular, the determination of the registration destination authentication device 2 can be made by referring to and searching the pass authentication device history (FIG. 7, c) in the history information 403.

<Facilities>
FIG. 1 shows an example of the configuration of a facility (managed space) to which the present system is applied and a device to be installed. As a whole, it has a corridor 101, an A office 102, a B office 103, and a server room 104, which are a plurality (four in this example) of individual areas (management areas). Moreover, it has the unmanaged area (external area) 100 which is those outside. In this example, doors whose opening and closing are controlled by electric locks are provided as the entrances d1 to d4 of each area. In addition, the form of control according to the form (gate etc.) is not limited to this.

  A user (for example, represented by U1) enters and exits the corridor 101 from the external area 100 through the first doorway d1 (corresponding: R1, R2, C1). The user (U1) enters and exits from the corridor 101 through the second doorway d2 (corresponding: R3, R4, and C2) and enters and exits from the B office 103. This is performed through the third entrance d3 (correspondence: R5, R6, C3). The user (U1) enters and exits the server room 104 from the A office 102 through the fourth doorway d4 (correspondence: R7, R8, C4).

  A control device 1 (represented by C) and two authentication devices 2 (represented by R) are installed in association with the entrances d1 to d4 of each area. Two authentication devices 2 are installed in pairs at the front and rear (entrance side and exit side) for each of the entrances d1 to d4, and the two authentication devices 2 are connected to one control device 1. In this example, the control device 1 (C) has C1 to C4, and the authentication device 2 (R) has R1 to R8. For example, R3 is provided as an authentication device 2 for entering the A office 102 for the second entrance d2 between the corridor 101 and the A office 102, and for exiting from the A office 102 on the opposite side. R4 is provided as the authentication device 2, and C2 is provided as the control device 1 that manages them.

  In this system, the authentication method to be applied is a biometric authentication method using the finger vein information of the user. Finger vein information is used as user identification information.

  As a user, for example, it has U1 to which a user number “1001” is assigned. As an example of setting the area entry / exit permission determination, it is assumed that U1 is permitted to enter / exit the hallway 101, the office A 102, and the server room 104. The user U1 succeeds in the authentication in the authentication device 2 (R1) on the entrance (entrance) side of the entrance / exit d1 and the entrance / exit permission determination in the control device 1 (C1) from the external area 100, thereby entering and exiting the entrance d1. And enters the corridor 101 (represented as the passage of R1). Further, the user U1 passes through the entrance / exit d2 by successfully authenticating with the authentication device 2 (R3) on the entrance side of the entrance / exit d2 and determining the entrance / exit permission with the control device 1 (C2) from the corridor 101. To enter office A 102 (passing R3). Further, the user U1 succeeds in the authentication at the authentication device 2 (R4) on the exit (exit) side of the entrance / exit d2 and the entrance / exit permission determination at the control device 1 (C2) from the A office 102. Then, the user exits the corridor 101 through the doorway d2 (passing through R4). Further, the user U1 succeeds in the authentication with the authentication device 2 (R7) on the entrance side of the entrance / exit d4 and the entrance / exit permission determination with the control device 1 (C4) from the office A 102, and thereby the entrance / exit d4. And enters the server room 104 (pass through R7).

<System>
FIG. 2 shows a basic configuration of the present system. In this system, a plurality of control devices 1 (C) and a plurality of authentication devices 2 (R) are connected by communication means. The control devices 1 (C1 to C4) are connected to each other via a network 91 such as a LAN so as to be able to communicate data with each other. Each of the authentication devices 2 on the input side and the output side is connected by a dedicated communication line, a network 92, or the like so as to be able to perform data communication with the higher-order (management source) control device 1. Hereinafter, the authentication device 2 (R1, R2) under management with respect to the control device 1 (C1), and conversely, the control device 1 (C1) as the management source with respect to the authentication device 2 (R1, R2) is expressed. .

  Each device (1, 2) is a dedicated information processing device including, for example, a processor, a memory, a communication I / F (interface), an input / output device, and the like. The function (processing) of each device is realized by a program or a circuit.

  In the control device 1, an entry / exit permission determination process, an electric lock control process, various setting processes, and the like are performed. The authentication device 2 performs authentication processing and the like.

<Device>
FIG. 3 shows the functional block configuration of the devices constituting this system.

  The control device 1 is configured to include a control unit 201, an information storage unit 202, communication I / F units 203 and 204, and the like. The control unit 201 includes functions (processing units) such as a permission determination processing unit 301, a distribution processing unit 302, an addition instruction processing unit 303, and an electric lock processing unit 304. The information storage unit 202 stores authentication device information 401, user information 402, history information 403, permission information 404, and the like. The control unit 201 processes programs and data stored in the information storage unit 202. The communication I / F unit 203 performs communication processing for the network 91 between the control devices 1, and the communication I / F unit 204 performs communication processing for the network 92 with the authentication device 2.

  The authentication device 2 includes a control unit 211, an information storage unit 212, a communication I / F unit 213, an input unit 214, and the like. The control unit 211 includes functions (processing units) such as an authentication processing unit 501, an addition processing unit 502, and a deletion processing unit 503. The input unit 214 includes an identification information reading unit 504. The information storage unit 212 stores user information 601 for each authentication device. The control unit 211 processes programs and data stored in the information storage unit 212. The communication I / F unit 213 performs communication processing for the network 92 with the control device 1.

  The identification information reading unit 504 is a device or processing unit for reading identification information according to the authentication method. In this example, the identification information reading unit 504 is a device that reads the finger vein information of the user. As an authentication operation, the user holds a finger over the identification information reading unit 504 so that the identification information reading unit 504 reads the finger vein information. In another authentication method, the identification information reading unit 504 is, for example, an ID card reader or a numeric keypad input device.

  In the authentication processing by the authentication processing unit 501 of the authentication device 2, the user identification information (finger vein information) read by the identification information reading unit 504 of the input unit 214 is sent to the authentication device 2 as user information 601 for each authentication device. The user is identified by collating with each identification information (finger vein information) registered as (for example, S3 in FIG. 4).

  In the entry / exit permission determination process by the permission determination processing unit 301 of the control device 1, whether or not the authenticated user is permitted to enter / exit the area (entrance / exit destination) is set (permission information 404). Based on the determination (for example, S5 in FIG. 4).

  The electric lock processing unit 304 of the control device 1 performs control processing for opening / closing (unlocking / locking) the electric lock of the electric lock at the doorway associated with the control device 1 (for example, S6 in FIG. 4). For example, the electric lock is unlocked when permission is determined in the entry / exit permission determination.

  The distribution processing unit 302 performs processing such as determination of the authentication apparatus 2 that is the registration destination of information and distribution of information to the authentication apparatus 2. The distribution processing unit 302 selects the authentication device 2 that the user may next perform an authentication operation based on referring to, searching, and the like of the history information 403 (particularly, the passage authentication device history c) regarding authentication and entry / exit permission determination. It judges, distributes the user data (including identification information) of the user to the authentication device 2 (or the control device 1 of the management source), and instructs registration in the authentication device 2 (for example, FIG. 4). S7).

  The deletion processing unit 503 of the authentication device 2 uses the user who has succeeded in authentication and entry / exit permission determination in the authentication device-specific user information 601 in the authentication device 2 according to the information or instruction from the control device 1. The person data (including identification information) is immediately deleted (for example, S8 and S9 in FIG. 4).

  The addition processing unit 502 of the authentication device 2 registers the user data of the user in the authentication device-specific user information 601 in the authentication device 2 according to the user data or the addition instruction from the control device 1 that is the management source. (For example, S10 and S12 in FIG. 4).

  The addition instruction processing unit 303 of the control device 1 instructs the managed authentication device 2 to register the user data of the user according to information or instructions from other devices (for example, S11 and S13 in FIG. 4). .

<Processing example>
FIG. 4 shows a sequence of a characteristic processing example in this system (S indicates a processing step).

  The case where the user U1 enters the A office 102 from the corridor 101 through the entrance d2 is taken as an example. The user number assigned to the user U1 is “1001”, and finger vein information serving as identification information is simply expressed as “Y1001”. The areas where the user U1 is allowed to enter and exit are the hallway 101, the A office 102, and the server room 104.

  In the description of this example, as the initial state, the authentication device information 401 in FIG. 5, the user information 402 in FIG. 6, the history information 403 in FIG. 7, the permission information 404 in FIG. 8, and the information in FIGS. This is user information 601 for each authentication device.

  From the initial state, in S1, the user (U1) performs an authentication operation (holds a finger) on the authentication device 2 (R3) at the entrance d2 of the corridor 101.

  In accordance with the authentication operation (S1, S2), an authentication process by the authentication processing unit 501 of the authentication device 2 (R3), and an entry / exit permission determination process by the permission determination processing unit 301 of the control device 1 (C2) that is the management source Is done.

  By the authentication operation of S1, the authentication apparatus 2 (R3) reads and acquires the identification information (finger vein information “Y1001”) of the user U1 by the identification information reading unit 504 in S2. In S3, the authentication processing unit 501 of the authentication device 2 (R3) reads the identification information ("Y1001") and the identification information registered in the authentication device-specific user information 601 (FIG. Authentication processing is performed by collating with vein information b). As a result, in this example, authentication is successful because they match in verification.

  After successful authentication, in S4, the authentication device 2 (R3) sends the user number “1001” of the user U1 to the control device 1 (C2) of the management source installed for the entrance / exit d2. .

  In S5, the permission determination processing unit 301 of the control device 1 (C2) permits entry / exit for the user U1 based on the user number “1001” sent from the managed authentication device 2 (R3). Judgment processing is performed. In this example, since entry / exit to the A office 102 of the user U1 is set as permission in the permission information 404 (FIG. 8, the permission authentication device number b includes R3 and R4), Determined.

  The user U1 is permitted to enter the area (A office 102) based on the result of authentication in the authentication device 2 (R3) and the entry / exit permission determination in the control device 1 (C2) (success). The That is, in S6, the electric lock processing unit 304 of the control device 1 (C2) unlocks the electric lock at the doorway d2, and the user U1 can enter the A office 102 from the corridor 101 through the doorway d2. (Passing R3). In the case of authentication failure (identification information mismatch), or entry / exit permission determination not permitted, the electric lock at the entrance / exit d2 is not unlocked and the user U1 cannot enter the room.

  In addition, general history recording is performed on the results of user authentication and entry / exit permission determination. In this system, in particular, when the results of the user authentication (S3) and the entry / exit permission determination (S5) are successful, the history information 403 of the control device 1 is recorded. For example, history recording is performed in the process of S5, and “R3” is added as the number of the passed authentication device 2 to the item of the passed authentication device history c of the history information 403 in FIG.

  Further, following the above, the control device 1 (C2) performs registration destination determination and distribution processing by the distribution processing unit 302 in S7. In this process, first, based on the history information 403, the authentication device 2 with which the user U1 may next perform an authentication operation is determined. The determination can be made by searching for the connection of the authentication device 2 that the user has passed. The authentication device 2 (R4, R7) as a result of the determination is determined as the authentication device 2 as the information registration destination.

  In this example, in the search for the item of the pass authentication device history c in the history information 403 of FIG. 7, “R4” and “R7” are detected as numbers connected after the number “R3” of the authentication device 2 passed earlier. . Therefore, the control apparatus 1 (C2) is the authentication apparatus 2 (R4) on the side that leads to the corridor 101, which is installed in the A office 102, for the user U1. Alternatively, it is determined that the authentication device 2 (R7) on the side leading to the server room 104 is used.

  As a result of the determination, first, in S8, the control device 1 (C2) sends the user number “1001” of the user U1 to the authentication device 2 (R3) that has been passed, for the deletion instruction. In response to this, in S9, the authentication device 2 (R3) uses the deletion processing unit 503 to obtain the user data of the user U1 (FIG. 9A, a) from the authentication device-specific user information 601 in the device. Delete).

  On the other hand, the control device 1 (C2) transfers the user data (including “1001” and “Y1001”) of the user U1 to the registration destination authentication device 2 (R4, R7) for registration. To deliver. For this purpose, the control device 1 (C2) sends user data directly to the managed authentication device 2 (R4) in S10. However, for the authentication device 2 (R7) that is not under management, the control device 1 (C4) (the entry / exit d4 of the server room 104) that is the management source of the target authentication device 2 (R7) is installed in S11. User data, authentication device number ("R7"), etc. Then, the user data is sent from the control device 1 (C4) to the managed authentication device 2 (R7) and registered (S13, S14, S15).

  Upon receiving the user data sent in S10, the authentication device 2 (R4) performs an additional process of registering the user data in the internal authentication device-specific user information 601 by the additional processing unit 502 in S12.

  In S13, the control apparatus 1 (C4) that has received the data sent in S11 uses the additional instruction processing unit 303 to generate user data for the authentication apparatus 2 (R7) based on the authentication apparatus number “R7”. Addition instruction processing is performed. In S14, the user data of the user U1 is sent from the control device 1 (C4) to the authentication device 2 (R7). In S15, the authentication device 2 (R7) that has received the user data performs an additional process of registering the user data in the internal authentication device-specific user information 601 by the addition processing unit 502.

  In the present embodiment, apart from the deletion process by the deletion processing unit 503, as an additional process at the timing accompanying the above-described additional process (S12 or S15), old user data based on general history records is stored. Deletion processing is performed. Specifically, the authentication device 2 refers to the data registration date / time c in the user information 601 for each authentication device, determines the expiration date of the user data based on the user information retention date for each authentication device, and Delete expired user data (rows). This process can be performed at another timing. The user information retention time limit for each authentication device is set as, for example, 12 hours as system-specific setting information.

  At the time when the processing up to S15 in the above example ends, the state of the user information 601 by authentication device in FIG. In the information of R3 in FIG. 9A, the user data of the user number “1001” is deleted as shown in a by the deletion process in S9. In the information of R4 in FIG. 9B, the user data “1001” is additionally registered as shown in a by the additional processing in S12, and the user number “1947 whose retention period has expired” as shown in b. User data for "" is deleted. In addition, in the information of R7 in FIG. 9C, the user data of the user number “1001” is additionally registered as in a by the addition process of S15.

<Management / setting information>
Next, a holding information structure and registration examples of various management / setting information will be described.

  Various types of management / setting information including initial setting information necessary for the operation of the system are set and held in the control device 1. The setting may be made possible by a setting function provided in the control device 1, or may be configured in such a manner that information is transmitted from another management / setting device or the like to the control device 1 through communication means and set. For example, a system administrator sets necessary initial setting information for the control device 1.

  In actual operation based on the initial setting, necessary information (user data and the like) is distributed from the control device 1 that is the management source to the authentication device 2 under management and registered in the authentication device 2. Further, as shown in the processing example, distribution or deletion of user data or the like is performed between devices as the user moves. The authentication device 2 stores a minimum amount of information. However, if necessary (exception processing or the like), the necessary information can be acquired by accessing the control device 1 as a management source. Is possible.

<Authentication device information>
FIG. 5 shows an example of authentication device information 401. In the authentication device information 401, information about the authentication device 2 constituting the system is registered and used in the distribution process (S7) and the like. The authentication device information 401 includes an authentication device number a, an authentication device address b, a management source control device number c, and a management source control device address d. The authentication device number a indicates a number for identifying the authentication device 2. The authentication device address b indicates a communication destination of the authentication device 2 corresponding to the authentication device number a. The management source control device number c indicates a number for identifying the control device 1 that is the management source of the authentication device 2 corresponding to the authentication device number a. The management source control device address indicates a communication destination of the control device 1 corresponding to the management source control device number c.

<User information>
FIG. 6 shows an example of user information 402. In the user information 402, user information of all users who use this system is registered and used in the distribution process (S7) and the like. The user information 401 includes a user number a and finger vein information b (an example of identification information). User data c refers to a combination of a user number a and identification information (finger vein information b) used for authentication processing. The user number a indicates a number for identifying the user. The finger vein information b indicates finger vein data registered in advance in the system by the user.

<History information>
In FIG. 7, an example of the history information 403 is shown. For example, data for several days is registered in the history information 403 for each user and used in the distribution process (S7). The history information 403 includes a user number a, a history date b, and a pass authentication device history c. The history date b indicates the date of history information (row). The pass authentication device history c indicates the authentication device number of the authentication device 2 (passed authentication device 2) on which authentication operation by the user is performed and authentication and entrance / exit permission determination are performed. In the passage authentication device history c, the number of the authentication device 2 that the user has passed on the history date b is held in the order of passage. For example, in the row where the history date b is “20080303”, the order of the authentication device 2 that has passed is R1 → R3 → R4 → R3 → R4 → R3 → R4 → R2. This is expressed in order of movement in units of management areas: external area 100 → corridor 101A office 102 → corridor 101 → A office 102 → corridor 101 → A office 102 → corridor 101 → B office 103.

  For example, in the above-described authentication processing in the authentication device 2 (R3) in S3 and determination and distribution processing in the control device 1 (C2) in S7, the authentication device 2 that may be subjected to an authentication operation next is selected. When making the determination, the distribution processing unit 302 refers to the item of the pass authentication device history c of the user U1 (“1001”) in the history information 402 and searches for data including “R3”. The connected authentication device number is detected. In this example, “R4” and “R7” are next to “R3” in the row where the history date b is “20080305”, “20080304”, and “20080303”.

  As the history information 403, for example, information for several days is held.

<Permission information>
FIG. 8 shows an example of the permission information 404. The permission information 404 is information in which a management area in which entry / exit is permitted for each user is set for each authentication device 2 and is used in entry / exit permission determination (S5) and the like. The permission information 404 includes a user number “a” and a permission authentication device number “b”. The permitted authentication apparatus number b indicates the number of the authentication apparatus 2 that is permitted in the entry / exit permission determination process for the user. For example, (R1, R2), (R3, R4), (R7, R8) are set for U1 (“1001”). That is, the above-mentioned management area (corridor 101, A office 102, server room 104) is set to permit.

<User information by authentication device>
FIG. 9 shows an example of user information 601 for each authentication device in each authentication device 2 (R3, R4, R7). In the user information 601 for each authentication device, user data of a user who is likely to perform an authentication operation soon among users permitted to enter and exit the management area is registered. The registration contents are different for each authentication device 2.

  The authentication device-specific user information 601 includes a user number a, finger vein information b, and data registration date / time c. The finger vein information b has a larger actual data amount depending on the authentication method. The data registration date and time c indicates the date and time when the data (row) was registered.

<Processing flow>
Next, FIG. 10 shows a flow (program processing) of a detailed example of registration destination determination and distribution processing (S7) in the above-described processing example. The subject of the following processing is the distribution processing unit 302 of the control device 1 and the like. An example of the user's operation and the status of management / setting information are the same as those in the above-described processing example.

  In S201, the input user number “1001” in S4 is stored in the process variable Num, and the process variable n and the process variable Next are initialized (input 0). Then, the data number of the history information 403 whose user number matches Num is input to the processing variable Count.

  In S202, the nth history data is acquired from the history data obtained by sorting the history data in which the user number matches Num in the history information 403 in descending order of the history date.

  In S203, the process variable m is initialized. In S204, the m-th authentication device number (in this example, “R3”) is acquired from the pass authentication device history of the history data acquired in S202. In step S205, it is determined whether the m-th authentication device number matches the authentication device number (“R3”). If they match (Y), in S206, the (m + 1) th authentication device number is acquired from the history authentication device history of the history data and stored in Next.

  In step S207, authentication device data whose authentication device number matches Next is acquired from the authentication device information 401. In S 208, user data whose user number matches Num is acquired from the user information 402.

  In S209, it is determined whether the authentication device is a managed authentication device for the control device. In this example, when the management source control device number of the authentication device data is “C2” in S209 (Y), the user data acquired in 208 in S210 corresponds to the authentication device data acquired in S207. It is sent to the authentication device 2. In S209, when the management source control device number of the authentication device data acquired in S207 is not “C2” (N), in S211, the control device number matches the management source control device number. Next (authentication device number) and the user data acquired in S208 are sent.

  In S212, 1 is added to m. In S213, it is determined whether the authentication device number is the last authentication device number in the history authentication device history of the history data acquired in S204, and the processing from S204 to S212 is performed until the last authentication device number is processed. Is repeated.

  In S214, 1 is added to n. In S215, it is determined whether n matches Count, and the processing from S202 to S214 is repeated until n matches Count.

  In the present processing example, in the processing of S7 in FIG. 4, when the processing of S204 to S212 is repeated for the data of the history information 403 with the user number “1001” and the history date “20080305”, authentication is performed in S206. The device number “R4” is stored in Next, that is, it is determined that the authentication device 2 with which the user may perform the next authentication operation is R4 (authentication when leaving the office A to the corridor 101) Device 2). Further, when the processing from S204 to S212 is repeated for the data of the history information 403 with the history date “20080304”, the authentication device number “R7” is stored in Next in S206, that is, the user performs the next authentication operation. It is determined that the authentication device 2 that may perform the authentication is R7 (authentication device 2 when entering the server room 104 from the office A 102).

<Conventional>
FIG. 11 shows an example of user information for each authentication device held for each authentication device in the conventional system. This user information for each authentication device is composed of user data (row) having user number a and finger vein information b (identification information) as items. All the authentication devices need to hold as many pieces of row data as all the users who use the system as user information for each authentication device. For example, if the number of users is 3000, user data (rows) for the 3000 users is retained.

  In the authentication process (S3 in this embodiment), the read identification information is collated with the identification information of all registered users. Therefore, in the conventional method, it is necessary to register identification information (finger vein information) of all users permitted to enter and exit the management area in the authentication apparatus. Therefore, the amount of registration information (data) increases in proportion to the number of users, and authentication processing takes time depending on the amount. This is especially true in the case of an authentication method in which the amount of data of one piece of identification information (finger vein information) and the time for one verification process are large.

<Effects>
As described above, in the system according to the present embodiment, the number of registrations (amount) of the user information for each authentication device (FIG. 9) is significantly larger than the user information for each authentication device (FIG. 11) in the conventional system. It is suppressed. Therefore, the time required for the authentication process in the authentication device 2 is greatly shortened, and the error in the case of biometric authentication is also reduced. Thereby, system performance can be improved.

  This system is described as a mode in which the next (registration destination) authentication device 2 is determined for each authentication device based on the history information 403 (including the passage authentication device history c). However, when the association between the authentication device 2 and the management area is managed, the next (registration destination) management area (the authentication device 2 associated therewith) based on the history information (for example, including the passage management area history). It is also possible to adopt a form in which this is determined in units of management areas. The “authentication device that can be subjected to the next authentication operation” can be rephrased as “authentication device associated with the management area where the user next exists” or the like.

  The system configuration includes a configuration in which a control device, a management / setting device, and the like are further connected to a higher level of the plurality of control devices 1, a control device 1 (entrance / exit permission determination function), and an authentication device 2 (authentication function). ) Can be variously modified.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention can be used in an entrance / exit management system.

It is a figure which shows the structural example of the facility applied to the entrance / exit management system of one embodiment of this invention. It is a figure which shows the whole structure in this entrance / exit management system. It is a figure which shows the apparatus block structure in this entrance / exit management system. It is a figure which shows the sequence of the example of a process between the apparatuses in this entrance / exit management system. It is a figure which shows the example of the authentication apparatus information in this entrance / exit management system. It is a figure which shows the example of the user information in this entrance / exit management system. It is a figure which shows the example of the authentication log | history information in this entrance / exit management system. It is a figure which shows the example of the permission information in this entrance / exit management system. It is a figure which shows the example (state before and behind process) of the user information according to authentication apparatus in this entrance / exit management system. It is a figure which shows the processing flow in judgment of a registration destination, and a delivery process in this entrance / exit management system. It is a figure which shows the example of the user information according to authentication apparatus in the conventional entrance / exit management system.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Control apparatus (C), 2 ... Authentication apparatus (R), 91, 92 ... Network, 100 ... External area, 101 ... Corridor, 102 ... A office, 103 ... B office, 104 ... Server room, 201 ... Control unit 202 ... Information storage unit 203, 204 ... Communication I / F unit, 211 ... Control unit, 212 ... Information storage unit, 213 ... Communication I / F unit, 214 ... Input unit, 301 ... Permission determination processing unit, 302 ... Distribution processing unit, 303 ... Additional instruction processing unit, 304 ... Electric lock processing unit, 401 ... Authentication device information, 402 ... User information, 403 ... History information, 404 ... Authorization information, 501 ... Authentication processing unit, 502 ... Addition processing unit, 503... Deletion processing unit, 504... Identification information reading unit, 601.

Claims (2)

An entry / exit management system for managing user entry / exit for a plurality of areas to be managed,
A plurality of authentication devices installed for each area entrance and exit, and one or more control devices connected to each entrance authentication device;
The authentication device is an authentication process for identifying a user by comparing identification information read according to an authentication operation of a user entering or leaving the room and identification information registered as user information for each authentication device inside Part
The control device uses a result of the processing of the authentication processing unit and permission information, a permission determination processing unit that performs permission determination of the user's entrance / exit, and, depending on the result of the permission determination, the entrance / exit An electric lock processing unit for controlling the electric lock with respect to
The control device includes, as management information, authentication device information about a plurality of authentication devices constituting the system, user information including identification information about a plurality of users who use the system, and user entry / exit Holding the permission information about the authentication device associated with the entrance / exit of the area that is permitted, and history information regarding the authentication and permission determination of the user,
The control device determines an authentication device with which the user may next perform an authentication operation upon success of the user authentication and permission determination, and identifies the user identification information among the user information. Including a distribution processing unit that performs processing for distributing user data including the above to the authentication device and registering the user data therein,
The authentication apparatus, with the successful authentication and authorization decision of the user, have a deletion section that deletes the identification information of the user registered as the authentication device by the user information,
The control device holds, as the history information, information including a user number, a history date, and a pass authentication device history in which the number of the authentication device in which the user has successfully performed the authentication and permission determination is recorded. In the processing by the distribution processing unit, the user performs the following by searching the pass authentication device history based on the number of the authentication device on which the authentication operation has been performed and detecting the connection of the authentication devices. An entrance / exit management system characterized by determining an authentication device that may perform an authentication operation . In the entrance / exit management system for managing the entrance / exit of users for a plurality of areas to be managed, a control device connected to an authentication device installed at the entrance / exit of each area,
The control device identifies the user by comparing the identification information read according to the authentication operation of the user entering and leaving the authentication device with the identification information registered as user information for each authentication device inside And a permission determination processing unit that performs permission determination on entry / exit of the user using the authentication processing result and permission information, and an electric that performs control of the electric lock for the entrance according to the result of the permission determination. A lock processing unit,
The control device includes authentication device information about a plurality of authentication devices constituting the system, user information about a plurality of users using the system, and an entrance / exit of an area where the user is allowed to enter and leave the room. Holding the permission information about the associated authentication device, and history information regarding the authentication and permission determination of the user,
The control device determines an authentication device with which the user may next perform an authentication operation upon success of the user authentication and permission determination, and identifies the user identification information among the user information. Including a distribution processing unit that performs processing for distributing user data including the above to the authentication device and registering the user data therein,
The control device deletes the identification information of the user registered as the user information for each authentication device with respect to the authentication device on which the authentication operation has been performed with the success of the authentication and permission determination of the user. There line processing to,
The control device holds, as the history information, information including a user number, a history date, and a pass authentication device history in which the number of the authentication device in which the user has successfully performed the authentication and permission determination is recorded. In the processing by the distribution processing unit, the user performs the following by searching the pass authentication device history based on the number of the authentication device on which the authentication operation has been performed and detecting the connection of the authentication devices. A control device for an entrance / exit management system, characterized in that an authentication device that is likely to perform an authentication operation is determined .

Images