JP5495635B2 - Access control device - Google Patents

Description

The present invention relates to a technique for managing access authority to an access restricted object whose access is restricted.
Access restricted objects include, for example, areas where entry / exit is restricted by an entrance / exit management system using electronic lock doors, entrance gates, etc., information devices that can be used only by those with usage rights, access Electronic data, etc. that only authorized data access is permitted.
Hereinafter, entrance / exit management by the entrance / exit management system will be mainly described.

An entrance / exit management system using an electronic lock is used for entrance / exit management of buildings and offices.
An electronic lock control device is installed for opening / closing control of the electronic lock, and personal identification information read from a personal authentication device such as an IC card reader connected to the electronic lock control device is stored in the electronic lock control device. The opening / closing control of the electronic lock is performed by checking the opening / closing conditions stored in the electronic lock control device by comparing with the personal identification information stored in the electronic lock.
Unlocking conditions can also be set such as "Do not unlock unless two people read the IC card continuously" or "Do not unlock the door unless there are two or more people in the room" .
In addition, as shown in Patent Document 1, there is also a system that allows entry into a room by unlocking an electronic lock after confirming that individual information registered in advance in a plurality of operation devices has been input.

JP-A-11-141233

However, in the existing technology, when a certain electronic lock control device performs unlock control, only the traffic history and occupant information managed by the electronic lock control device are used.
Therefore, there is a problem that it is impossible to know information detected by other electronic lock control devices, and it is not possible to execute an open / close condition determination of the electronic lock in conjunction with the surrounding situation.
More specifically, even if there is only a user who has the authority to unlock the door around a certain door, IC card authentication is required to unlock the door. That is, when a user with a legitimate authority unlocks the first door after the authentication procedure and enters the room 1 and then enters the room 2 ahead of the room 1, the first is Despite being kept safe by the authentication procedure at the time of unlocking the door, in order to enter the room 2, the same authentication procedure must be performed again at the second door. There is a problem that convenience is lowered by forcing the user to authenticate.
Furthermore, there is a problem that when a door breaks down and is constantly released and the security level is lowered, it is not possible to cope with the recovery of the security level by changing the unlocking conditions of other doors.

  One of the main objects of the present invention is to solve the above-mentioned problems, and by changing the access restriction method in accordance with the surrounding situation of the access restriction means, the convenience of the user is improved, and the security is improved. The main purpose is to maintain the level.

An access management apparatus according to the present invention
An access management device that manages a plurality of access restriction means for restricting access to a target access restriction object, and releases access restriction of the access restriction means when a predetermined access permission condition is satisfied,
In place of the common access permission condition that is commonly applied to a plurality of access restriction means, the specific access restriction condition is applied to the specific access restriction condition that is applied to the specific access restriction means. An application condition information storage unit for storing application condition information defined in association with the state of a specific access restricted object other than the restricted object;
Detecting the state of the specific access restriction object and determining whether the detected state of the specific access restriction object matches the state defined in the application condition information; A permission condition determination unit that determines whether or not to apply a unique access permission condition to the means;
When the permission condition determining unit determines to apply the unique access permission condition, the unique access permission condition is applied to the specific access restriction unit instead of the common access permission condition, and the specific access permission condition is determined based on the unique access permission condition. And an access permission / rejection determination unit for determining whether or not to cancel the access restriction in the access restriction means.

  According to the present invention, the access permission condition applied to the access restriction unit is changed in conformity with the state of the access restriction object that is not subject to the access restriction by the access restriction unit. Accordingly, useless access restrictions can be eliminated to improve user convenience, and more stringent access restrictions can be implemented to maintain the security level at a certain level.

The figure which shows the structural example of the entrance / exit management system which concerns on Embodiment 1. FIG. 1 is a diagram illustrating a configuration example of an access management apparatus according to Embodiment 1. FIG. FIG. 4 is a diagram illustrating an example of user information according to the first embodiment. FIG. 6 is a diagram illustrating an example of application condition information according to the first embodiment. The flowchart figure which shows the operation | movement flow of the entrance / exit management system which concerns on Embodiment 1. FIG. FIG. 6 is a diagram illustrating an example of application condition information according to the first embodiment. FIG. 2 is a diagram illustrating a hardware configuration example of an access management apparatus according to the first embodiment.

Embodiment 1 FIG.
In this embodiment, when determining the unlocking condition of a certain electronic lock, the information managed by another electronic lock control device is used as information for determination, so that the unlocking determination in consideration of the surrounding situation can be performed. The entrance / exit management system will be described.

  FIG. 1 shows a configuration example of an entrance / exit management system that performs unlocking control according to surrounding traffic conditions according to the present embodiment.

In the present embodiment, as shown in FIG. 1, a room R1 that enters from the outside through the door D1 and a room R2 that enters through the door D2 after entering the room R1 will be described as examples of access restricted objects. .
The door D1 and the door D2 are normally locked with an electronic lock, and can only enter the room R1 or the room R2 after successful authentication by the access management apparatus 100.
At the time of authentication, the user holds the IC card over the card reader in front of the room where the user wants to enter the room and causes the card reader to read the user ID and authentication information (password, etc.) through the electronic lock control device. The user ID and authentication information are transmitted to the access management apparatus 100, and the access management apparatus 100 performs user authentication using the user ID and authentication information. If the authentication is successful, the electronic lock control apparatus opens the electronic lock of the door. Lock.
In the present embodiment, the door D1 and the door D2 are examples of access restriction means.
However, the card reader CR11, the card reader CR12, the card reader CR21, the card reader CR22, the electronic lock control device 1 (IDC1), and the electronic lock control device 2 (IDC2) may be used as examples of access restriction means.
The card reader CR12 and the card reader CR22 are for authentication when leaving the room, and the installation of these card readers is optional.

  FIG. 2 shows a configuration example of the access management apparatus 100 according to the present embodiment.

In FIG. 2, the user information update unit 1 acquires the state information in each room from the state acquisition unit 7, updates the user information, and stores it in the user information storage unit 2.
The user information storage unit 2 holds user information indicating contents such as user identification information, access authority information, and occupancy status.
The user information acquisition unit 3 acquires user information from the user information storage unit 2.

The application condition information acquisition unit 4 acquires application condition information from the application condition information storage unit 5.
The application condition information storage unit 5 holds application condition information indicating application conditions of the unique unlocking condition that is uniquely applied to each door.
The application condition update unit 6 updates the application condition based on the application condition determination information determined by the unlocking condition determination unit 8 and stores it in the application condition information storage unit 5.

The unlocking condition is a condition for unlocking the electronic lock of each door. The unlocking condition is applied to all doors (as a default) and applied to a specific door. There are unique unlocking conditions (unique access permission conditions) that are applied independently.
The application condition is a condition for applying the unique unlocking condition to the door electronic lock instead of the common unlocking condition. The application condition is defined for each door in association with the state of the room other than the room targeted by the door.
And when the current state of the room defined as the application condition matches the defined state, it is possible to apply the original unlocking condition to the target door, Whether or not to unlock the electronic lock can be determined based on the unique unlocking condition instead of the common unlocking condition.
Information indicating such application conditions is application condition information.
The application condition information storage unit 5 is an example of an application information storage unit.

The state acquisition unit 7 acquires state information for each room such as a lock state of an electronic lock such as a door or a locker, and door passage history information from one or more electronic lock control devices.
The unlocking condition determination unit 8 uses the user information, the application condition information, and the state information to determine whether or not the unique unlocking condition can be applied for each door, and determines whether or not the unlocking is permitted for each door. The unlocking condition determination unit 8 is an example of a permission condition determination unit and an access permission / rejection determination unit.
The opening / closing control unit 9 transmits a control signal to one or more electronic lock control devices based on the unlocking permission / inhibition determination in the unlocking condition determination unit 8.

In FIG. 2, the status acquisition unit 7 acquires status information from both the electronic lock control device IDC1 and the electronic lock control device IDC2, but acquires status information from only the electronic lock control device IDC1. May be.
In FIG. 2, the opening / closing controller 9 outputs control signals to both the electronic lock control device IDC1 and the electronic lock control device IDC2, but outputs a control signal only to the electronic lock control device IDC2. May be.

FIG. 3 shows an example of user information stored in the user information storage unit 2.
The user information is information relating to the user, and includes identification information for uniquely identifying the user and a plurality of attribute information possessed by the user.
In this example, the user ID is used as the identification information, the attribute information, and the room entry authority that indicates the strength of the user's access authority in a numerical value and the room in which the user is present Information is used.

FIG. 4 shows an example of application condition information stored in the application condition information storage unit 5.
As described above, the application condition information indicates a condition for applying the unique unlocking condition among the unlocking conditions for evaluating whether to unlock or lock the electronic lock to the specific electronic lock control device. Information.
In this example, the application condition ID is held as identification information of the application condition, and the conditional expression information is held as the content of the application condition. The format of the conditional expression in this example is as follows.
Open (IDCv, Dw): unlocking the electronic lock of the door Dw managed by the electronic lock control device IDCv Close (IDCv, Dw): locking the electronic lock of the door Dw managed by the electronic lock control device IDCv Enter (Ry, Ux): State that the user x has entered the room Ry Exit (Ry, Ux): State that the user x has left the room Ry Over (Ux, LVn): The entry authority of the user x is level n or higher Exist (Ry, Ux): User x is in room Ry Standard (IDCv, Dw): Applying common unlocking conditions to door Dw managed by electronic lock control device IDCv Not (conditional expression): negation of conditional expression

In the conditional expression of the application condition COND1 in FIG. 4 of this example, “(∀x) Exist (R1, Ux) and (Over (Ux, LV3))” is “the authority to enter all the users in the room R1. "Open (IDC2, D2) represents an original unlocking condition of" unlocking the door D2 managed by the electronic lock control device IDC2 without performing user authentication processing ". Yes.
The conditional expression of COND2 is “if the condition of COND1 is not satisfied, the door D2 managed by the electronic lock control device IDC2 is locked, and the common unlocking condition is applied to the door D2 managed by the electronic lock control device IDC2. ".
For example, the unlocking condition determination unit 8 stores the common unlocking condition in advance. The common unlocking condition is, for example, “unlocking when user authentication using information on the user's IC card is successful”.

FIG. 5 shows a processing flow in the entrance / exit management system.
In the following, after the passage (unlocking) of the door D1 managed by the electronic lock control device IDC1 in the configuration shown in FIG. 1, whether to unlock the electronic lock of the door D2 managed by the electronic lock control device IDC2 is determined. A description will be given on the assumption.

The user A holds the IC card over the card reader CR11 and enters the room R1 through the door D1 through the user authentication process (ST01).
The state acquisition unit 7 acquires state information Enter (R1, User A) indicating that the user A has entered the room R1 through the door D1 from the electronic lock control device IDC1 (ST02).
Next, the user information update unit 1 changes the occupancy information of the user A of the user information to “R1” based on the state information Enter (R1, User A) and stores it in the user information storage unit 2. (ST03).

Next, the unlocking condition determination unit 8 performs application condition determination (ST04).
More specifically, the unlocking condition determination unit 8 acquires state information Enter (R1, User A) from the state acquisition unit 7, and acquires occupancy information and room entry authority for all users from the user information acquisition unit 3. Then, the application condition information is acquired from the application condition information acquisition unit 4, and the application conditions COND1 and COND2 of the application condition information are evaluated and determined.
In this example, only the user A is present in the room R1, and the access authority of the user A is LV3 or higher, so it is determined that the application condition COND1 is true and COND2 is false.

Then, the unlocking condition determination unit 8 determines whether or not unlocking is possible based on the unlocking condition “Open (IDC2, D2)” of the true application condition COND1 (ST05).
In this case, since the unlocking condition is that the electronic lock of the door D2 is unlocked without the user authentication process, the opening / closing control unit 9 unlocks the electronic lock of the door D2 with respect to the electronic lock control device IDC2. A control signal is transmitted (ST06).
At this point, the user A can enter the room R2 without holding the IC card over the card reader CR21 of the door D2.
Further, since there is no other unlocking condition in the application condition COND1, ST05 is NO and the process is terminated.

Subsequently, the user B holds the IC card over the card reader CR11 and enters the room R1 through the door D1 through user authentication processing (ST01).
The state acquisition unit 7 acquires state information Enter (R1, User B) indicating that the user B has entered the room R1 through the door D1 from the electronic lock control device IDC1 (ST02).
Next, the user information update unit 1 changes the occupancy information of the user B of the user information to “R1” based on the state information Enter (R1, User B) and stores it in the user information storage unit 2. (ST03).

Next, the unlocking condition determination unit 8 performs the unlocking condition determination (ST04).
As described above, the unlocking condition determination unit 8 acquires the status information Enter (R1, User B) from the status acquisition unit 7, and acquires the occupancy information and the room entry authority for all users from the user information acquisition unit 3. Application condition information is acquired from the application condition information acquisition unit 4, and application conditions COND1 and COND2 of the application condition information are evaluated and determined.
In this example, the users present in the room R1 are the user A and the user B, and the user B's entry authority is LV2, which is smaller than LV3. Therefore, it is determined that the application condition COND1 is false and COND2 is true.

Then, the unlocking condition determination unit 8 determines whether or not unlocking is possible based on the unlocking condition “Close (IDC2, D2) and Standard (IDC2, D2)” of the application condition COND2 that is true (ST05).
In this case, the electronic lock of the door D2 is locked, and the opening / closing control unit 9 locks the electronic lock of the door D2 with respect to the electronic lock control device IDC2. Then, a control signal is transmitted (ST06).
At this time, neither the user A nor the user B can enter the room R2 unless the IC card is held over the card reader CR21 of the door D2.

Thus, in the present embodiment, the state of the room R1 (specific access restriction object) that is different from the room 2 targeted by the door D2 is the application condition of the unique unlocking condition of the door D2 (specific access restriction means). The unlocking condition determining unit 8 detects the state of the room R1 and determines whether the detected state of the room R1 matches the state defined in the application condition information. Determine whether to apply the original unlocking condition to the door D2, and apply the original unlocking condition to the door D2 instead of the common unlocking condition, Based on the lock condition, it is determined whether or not to release the access restriction at the door D2.
In addition, when the unlocking condition determination unit 8 applies the unique unlocking condition to the door D2, the unlocking condition determination unit 8 determines that the door D2 does not match the state defined in the application condition information. Whether to decide to apply the common unlocking condition, apply the common unlocking condition to the door D2 instead of the original unlocking condition, and release the access restriction on the door D2 based on the common unlocking condition Judging.

In the above, the unique unlocking condition of the application condition COND1 is to permit the unlocking of the door D2 without performing the user authentication, but in addition to this, a gentler user authentication is required than the common unlocking condition. You may make it provide the original unlocking conditions to do.
For example, when the common unlocking condition is “the door is unlocked only when two user authentications of IC card authentication and fingerprint authentication are successful”, if the application condition is met, “IC card authentication If the user A successfully performs IC card authentication at the door D2, the door D2 is unlocked (without fingerprint authentication). You may do it.

In the above description, an example is described in which the traffic information indicating whether or not the user is in the room is used as the application condition. For example, a failure state of a door that restricts entry into a certain room may be used as the application condition.
If a door that restricts entry into a room breaks down and is always open and security is reduced, the unlocking conditions at the doors of other electronic lock control devices in the surrounding area are made stricter. Or the fall of the security intensity | strength as the whole floor can be avoided.
In such a case, for example, it is conceivable to use application condition information shown in FIG.
In FIG. 6, when the door D1 managed by the electronic lock control device IDC1 is in a failure state (“Failure (IDC1, D1)”), the COND3 performs user authentication at the door D2 managed by the electronic lock control device IDC2. The unique unlocking condition to be duplicated (“Double (IDC2, D2)”) is shown.
On the other hand, if COND3 is false (“Not (COND1)”), a common unlocking condition is applied to the door D2 managed by the electronic lock control device IDC2 (“Standard (IDC2, D2)”). It is shown.
That is, when the common unlocking condition is “the door is unlocked if the IC card authentication is successful”, when the door 1 of the room R1 is in a failure state, the “IC card authentication” If the user unlocks the door D2 only when the two user authentications of the fingerprint authentication and the fingerprint authentication are successful, and the user does not succeed in both the IC card authentication and the fingerprint authentication in the door D2, the user enters the room R2. It is possible to prevent entry into the room, and to compensate for a decrease in security strength due to the failure of the door D1 by tightening the unlocking conditions of the door D2.

  As described above, according to the present embodiment, the status information detected by a certain electronic lock control device is used as a condition for opening / closing control of the electronic lock managed by another electronic lock control device, so that the surrounding situation Entry / exit management according to changes in

Also, if the occupants in the surrounding rooms are only users who have high entry authority, that is, if high security is maintained, unlocking the door can eliminate unnecessary user authentication operations. It becomes possible, and the convenience for the user can be improved.
In the prior art, even when the periphery is in a state where a high security state is ensured, the user must always perform a user authentication operation when entering the room R2.

Further, in the present embodiment, as described above, in addition to door traffic information, for example, door failure information can be acquired.
Then, the doors of other electronic lock control devices in the vicinity can be locked in conjunction with the failure of the doors that are always open and the security is lowered.

In the above description, the electronic lock control device is intended for locking a door. However, the object of the present embodiment is not limited to a door, and can be applied to open / close control of a locker, a safe, or the like.
In addition, since it is possible to have an unlocking condition determination unit in the external device of the electronic lock control device, even an electronic lock control device with a simple structure that cannot set complicated unlocking conditions is linked to the surrounding state. The electronic lock can be controlled, and convenience and security can be enhanced.

In addition, by using the processing of the open / close control unit described in this embodiment for controlling access permission of information devices such as personal computers, it is possible to construct an information device access control system linked to the surrounding situation. .
In addition, by using electronic data as the target of the open / close control unit described in this embodiment, it is possible to construct an electronic data access control system linked to the surrounding situation.

As described above, in the present embodiment, the entrance / exit management system that performs the unlocking control in conjunction with the surrounding situation provided with the following means has been described.
A user information storage unit that stores user information indicating contents such as user identification information, access authority information, and occupancy status.
An unlocking condition storage unit that holds unlocking condition information indicating unlocking conditions of the electronic lock.
A user information acquisition unit that acquires user information from the user information storage unit.
An unlocking condition acquisition unit that acquires unlocking condition information from the unlocking condition storage unit.
A state acquisition unit that acquires state information such as a lock state of an electronic lock such as a door or a locker, or door passage history information from one or a plurality of electronic lock control devices.
A user information update unit that updates user information using the state information obtained from the state acquisition unit and saves the user information in a user information storage unit.
An unlocking condition determination unit that determines the unlocking condition of the electronic lock using the user information, the unlocking condition information, and the state information.
An opening / closing control unit that transmits an opening / closing signal to one or a plurality of electronic lock control devices based on the unlocking condition determination information determined by the unlocking condition determination unit.

Moreover, the entrance / exit management system which performs the unlocking control interlock | cooperated with the surrounding condition provided with the following means was demonstrated.
An unlocking condition update unit that updates the unlocking condition information based on the unlocking condition determination information determined by the unlocking condition determination unit and saves it in the unlocking condition storage unit.
An unlocking condition control unit that changes the unlocking condition setting to one or a plurality of electronic lock control devices based on the unlocking condition determination information determined by the unlocking condition determination unit.

Furthermore, the entrance / exit management system which performs the unlocking control interlock | cooperated with the surrounding condition provided with the following means was demonstrated.
An unlocking condition determination unit that determines an access permission condition for an information device such as a personal computer using user information, unlocking condition information, and status information.
An open / close control unit that transmits access permission information to one or more information devices such as a personal computer based on the access permission condition determination information determined by the unlocking condition determination unit.

Finally, a hardware configuration example of the access management apparatus 100 shown in the present embodiment will be described.
FIG. 7 is a diagram illustrating an example of hardware resources of the access management apparatus 100 illustrated in the present embodiment.
The configuration in FIG. 7 is merely an example of the hardware configuration of the access management apparatus 100, and the hardware configuration of the access management apparatus 100 is not limited to the configuration illustrated in FIG. Also good.

In FIG. 7, the access management apparatus 100 includes a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, and a processor) that executes a program.
The CPU 911 is connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, and a magnetic disk device 920 via a bus 912. Control hardware devices.
Further, the CPU 911 may be connected to an FDD 904 (Flexible Disk Drive) or a compact disk device 905 (CDD). Further, instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card (registered trademark) read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of the storage device.
The “user information storage unit” and “application condition information storage unit” described in the present embodiment are realized by the RAM 914, the magnetic disk device 920, and the like.
The communication board 915, the keyboard 902, the mouse 903, the FDD 904, and the like are examples of input devices.
The communication board 915, the display device 901, and the like are examples of output devices.

  The communication board 915 may be connected to, for example, a LAN (Local Area Network), the Internet, a WAN (Wide Area Network), a SAN (Storage Area Network), or the like.

The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924.
The programs in the program group 923 are executed by the CPU 911 using the operating system 921 and the window system 922.

The RAM 914 temporarily stores at least part of the operating system 921 program and application programs to be executed by the CPU 911.
The RAM 914 stores various data necessary for processing by the CPU 911.

The ROM 913 stores a BIOS (Basic Input Output System) program, and the magnetic disk device 920 stores a boot program.
When the access management apparatus 100 is activated, the BIOS program in the ROM 913 and the boot program in the magnetic disk device 920 are executed, and the operating system 921 is activated by the BIOS program and the boot program.

  The program group 923 stores programs that execute the functions described as “˜unit” (other than “˜storage unit”) in the description of the present embodiment. The program is read and executed by the CPU 911.

In the description of the present embodiment, the file group 924 includes “determination of”, “determination of”, “calculation of”, “comparison of”, “evaluation of”, “update of”, Information, data, signal values, variable values, and parameters indicating the results of the processing described as “setting of”, “registration of”, “selection of”, etc. are “~ file” or “˜database”. It is memorized as each item.
The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, editing, output, printing, and display.
Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, and buffers during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, printing, and display. It is temporarily stored in a memory or the like.
Also, the arrows in the flowchart described in this embodiment mainly indicate input / output of data and signals, and the data and signal values are the RAM 914 memory, the FDD904 flexible disk, the CDD905 compact disk, and the magnetic disk device. It is recorded on a recording medium such as a 920 magnetic disk, other optical disks, minidisks, and DVDs. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, what is described as “˜unit” in the description of the present embodiment may be “˜circuit”, “˜device”, “˜device”, and “˜step”, “˜”. “Procedure” and “˜Process” may be used. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. In other words, the program causes the computer to function as “to part” of the present embodiment. Alternatively, the procedure or method of “˜unit” in the present embodiment is executed by a computer.

  As described above, the access management apparatus 100 shown in this embodiment includes a CPU as a processing device, a memory as a storage device, a magnetic disk, a keyboard as an input device, a mouse, a communication board, and a display device as an output device, a communication board, and the like. As described above, the function indicated as “to part” is realized by using these processing device, storage device, input device, and output device.

  DESCRIPTION OF SYMBOLS 1 User information update part, 2 User information storage part, 3 User information acquisition part, 4 Application condition information acquisition part, 5 Application condition information storage part, 6 Application condition information update part, 7 State acquisition part, 8 Unlocking condition determination part 9 Opening / closing controller, 100 Access management device.

Claims (9)

An access management device that manages a plurality of access restriction means for restricting access to a target access restriction object, and releases access restriction of the access restriction means when a predetermined access permission condition is satisfied,
In place of the common access permission condition that is commonly applied to a plurality of access restriction means, the specific access restriction condition is applied to the specific access restriction condition that is applied to the specific access restriction means. An application condition information storage unit for storing application condition information defined in association with the state of a specific access restricted object other than the restricted object;
Detecting the state of the specific access restriction object and determining whether the detected state of the specific access restriction object matches the state defined in the application condition information; A permission condition determination unit that determines whether or not to apply a unique access permission condition to the means;
When the permission condition determining unit determines to apply the unique access permission condition, the unique access permission condition is applied to the specific access restriction unit instead of the common access permission condition, and the specific access permission condition is determined based on the unique access permission condition. And an access permission / rejection determination unit for determining whether or not to cancel the access restriction in the access restriction means. The permission condition determining unit
When the specific access restriction condition is applied to the specific access restriction means, the specific access is restricted when the state of the specific access restriction object does not match the state defined in the application condition information. Decide to apply the common permission condition to the restriction means,
The access permission determination unit
When it is determined by the permission condition determination unit that a common access permission condition is applied, a common access permission condition is applied to the specific access restriction unit instead of a unique access permission condition, and the specific access permission condition is determined based on the common access permission condition. 2. The access management apparatus according to claim 1, wherein it is determined whether or not to cancel the access restriction in the access restriction means. The access management device includes:
Manage multiple access restriction means to restrict user access to restricted objects,
The application condition information storage unit
As a condition for applying the unique access permission condition, a state in which one or more users who are permitted to access the specific access restriction object exist is defined, and further, access to the specific access restriction object is permitted. The application condition information that defines the authority level required for a user is stored,
The permission condition determining unit
It is determined whether there is a user who is permitted to access the specific access restriction object, and when there is a user who is permitted to access the specific access restriction object, the authority of the user A level is determined, it is determined whether the determined authority level matches an authority level defined in the application condition information, and whether or not the specific access permission condition is applied to the specific access restriction unit is determined. The access management apparatus according to claim 1, wherein the access management apparatus is determined. The access permission determination unit
When it is determined by the permission condition determination unit that the unique access permission condition is applied, the specific access restriction unit is provided with an access restriction to an access restriction object to which the specific access restriction unit is subject to access restriction. The access management apparatus according to claim 3, wherein the access management apparatus is released without performing an authentication process. The application condition information storage unit
As application conditions for the unique access permission condition, store application condition information in which a state in which a failure has occurred is defined in an access restriction unit that restricts access to the specific access restriction object,
The permission condition determining unit
Whether or not to apply a unique access permission condition to the specific access restriction means by determining whether or not a failure has occurred in the access restriction means for restricting access to the specific access restriction object The access management apparatus according to any one of claims 1 to 4, wherein the access management apparatus is determined. The access permission determination unit
When it is determined by the permission condition determination unit to apply a unique access permission condition, the specific access restriction unit is configured to restrict access under a unique access permission condition that is stricter than a common access permission condition. The access management apparatus according to claim 5. The access management device includes:
The access management apparatus according to any one of claims 1 to 6, wherein a plurality of access restriction units that manage an area where entry is restricted as an access restriction object are managed. The access management device includes:
The access management apparatus according to any one of claims 1 to 6, wherein a plurality of access restriction units that use information equipment whose use is restricted as an access restriction object are managed. The access management device includes:
The access management apparatus according to claim 1, wherein a plurality of access restriction units that use electronic data whose access is restricted as an access restriction object are managed.

Images