JP5604183B2 - Security management apparatus and method - Google Patents

Description

  The present invention relates to a security management technique, and more particularly to a security management technique for managing a user's entrance / exit to each section provided in a facility.

  Conventionally, as a security management device for managing the security of each section provided in a facility such as a building, an IC card in which a personal ID is recorded is distributed to registrants, and traffic related to the user of the IC card is provided for each personal ID. Permit categories and personal information are registered in advance, and when passing through the entrance / exit of an arbitrary section, based on the personal ID acquired from the IC card by an authentication device such as a card reader installed at the entrance / exit, A technique has been proposed in which the passage permission classification and the section in which the authentication device is installed are collated to determine whether entry / exit is possible and to record the history (see, for example, Patent Document 1).

JP 2010-31466 A

  However, in such a conventional technique, a personal ID is often given based on a separate number system in each security management device. For this reason, when collecting history information from such a plurality of security management devices and managing them centrally, the individual IDs used in the individual security management devices are individually managed, and the individual IDs included in the obtained history information are There is a problem that it is necessary to match between security management devices, and a large work load is required.

  The present invention is for solving such problems, and an object of the present invention is to provide a security management technique capable of collecting history information from a plurality of security management systems and managing them centrally without requiring a large work load. It is said.

In order to achieve such an object, a security management device according to the present invention is a security management device used in a security management system that determines whether a user can enter or leave each zone by an authentication device provided in a facility. A personal ID used in the entrance / exit determination in the security management device uniquely assigned to the user, a management layer ID used for personal information management, and a logical layer ID commonly used in a plurality of security management devices An ID management database that stores the correspondence relationship, an ID management unit that converts a personal ID or a management layer ID and a logical layer ID by referring to the ID management database, and an entry / exit determination target for each entry / exit determination made by the ID manager personal ID or management layer ID of the user is converted to a logical layer ID, including a logical layer ID obtained A history relating to the logical layer ID included in the history information acquisition request in response to a history information acquisition request from a recording processing unit that records the history information related to entry / exit to the history database and a management terminal connected via a communication network An information providing unit that obtains information from the history database and provides the information to the management terminal.

  At this time, if the determination result of the entry / exit judgment is acceptable in the recording processing unit, the logical layer ID of the user entering / leaving the entry / exit decision target section, and the corresponding section of the location database The location information corresponding to the zone ID is updated, and the location information related to the zone ID of the zone specified in the location information acquisition request is acquired from the location database in response to the location information acquisition request from the management terminal in the information providing unit. May be provided to the management terminal.

A security management method according to the present invention is a security management method used in a security management device of a security management system that determines whether a user can enter or leave each section by using an authentication device provided in a facility, the ID management unit Are personal IDs used for entry / exit determination in the security management device that is uniquely assigned in advance to the user, management layer IDs used for personal information management, and logical layer IDs commonly used by a plurality of security management devices. By referring to an ID management database that stores the correspondence relationship, an ID management step for mutually converting a personal ID or a management layer ID and a logical layer ID, and a recording processing unit for each entry / exit decision, The personal ID or management layer ID of the user to be converted into a logical layer ID by the ID management unit, and the obtained logical layer I A record processing step for recording history information regarding the entry / exit including the history information into the history database, and in response to the history information acquisition request from the management terminal connected via the communication network, the information providing unit responds to the history information acquisition request. An information providing step of obtaining history information related to the included logical layer ID from the history database and providing the history information to the management terminal.

  At this time, in the recording process step, if the entry / exit determination result is entry / exit, the logical layer ID of the user entering / exiting the entry / exit decision target section, and the corresponding database section in the location database. The location information corresponding to the partition ID is updated, and in the information providing step, the location information related to the partition ID of the partition specified in the location information acquisition request is acquired from the location database in response to the location information acquisition request from the management terminal. May be provided to the management terminal.

  According to the present invention, history information is collected and managed from a plurality of security management systems without requiring a large work burden and without changing the number system of existing personal IDs and management layer IDs. Is possible.

It is a block diagram which shows the structure of the security management apparatus concerning 1st Embodiment. It is a block diagram which shows the structure of the security management with which the security management apparatus concerning 1st Embodiment is applied. It is a structural example of a personal database. It is a structural example of a partition database. It is a structural example of a history database. It is an example of a structure of ID conversion database. It is a flowchart which shows a guest registration process. It is a flowchart which shows a history information provision process. It is explanatory drawing which shows log | history information provision operation | movement. It is a block diagram which shows the structure of the security management apparatus concerning 2nd Embodiment. It is a structural example of a location database. It is a flowchart which shows a location information provision process.

Next, embodiments of the present invention will be described with reference to the drawings.
[First Embodiment]
First, a security management device according to a first embodiment of the present invention will be described with reference to FIG. 1 and FIG. FIG. 1 is a block diagram illustrating the configuration of the security management device according to the first embodiment. FIG. 2 is a block diagram illustrating a configuration of security management to which the security management apparatus according to the first embodiment is applied.

The security management device 10 is composed of an information processing device such as a server device or a personal computer as a whole, and has a function of managing the security of each section provided in a facility such as a building.
As shown in FIG. 2, the security management apparatus 10 is connected to an authentication device 21 such as a card reader installed at the entrance of each section via a communication line. The authentication device 21 has a function of acquiring a personal ID registered in advance from an authentication medium 22 such as an IC card or an ID tag. The security management device 10, the authentication device 21, and the authentication medium 22 constitute one security management system 30.

  The security management apparatus 10 of these security management systems is connected to the management terminal 31 via a communication network NW such as the Internet so as to be able to perform data communication. The security management apparatus 10 accumulates itself in response to a request from the management terminal 31. It has a function to provide historical information.

  When the user passes through the doorway, the security management device 10 collates the passage permission classification previously assigned to the personal ID acquired by the authentication device 21 and the section corresponding to the authentication device 21, It is determined whether the user can enter or leave the section. In addition, when the security management apparatus 10 executes such an entry / exit determination process, the security management apparatus 10 records history information regarding the entry / exit determination.

  In the present embodiment, an ID management database for storing a correspondence relationship between a personal ID unique to the security management device assigned in advance to a user and a logical layer ID common to a plurality of security management devices, and this ID management database By referring, an ID management unit that converts the personal ID and the logical layer ID to each other is provided, and for each entry / exit determination, the personal ID of the user to be entered / exited is converted into a logical layer ID by the ID management unit. The history information regarding the entry / exit including the obtained logical layer ID is recorded in the history database and included in the history information acquisition request in response to the history information acquisition request from the management terminal connected via the communication network. The history information related to the logical layer ID is acquired from the history database and provided to the management terminal.

Next, the configuration of the security management apparatus 10 according to the present embodiment will be described in detail with reference to FIG. 1 and FIG.
The security management apparatus 10 includes, as main functional units, a communication interface unit (hereinafter referred to as a communication I / F unit) 11, a storage unit 12, an entry / exit determination unit 13, a recording processing unit 14, an ID management unit 15, and information. A providing unit 16 is provided and is connected so as to exchange data with each other.

  The communication I / F unit 11 includes a dedicated data communication circuit, and performs data communication with the authentication device 21 connected via a communication line, thereby exchanging various messages related to entrance / exit control of each section; By performing data communication with the management terminal 31 connected via the communication network NW, it has a function of exchanging messages relating to information provision of various information such as history information and location information.

  The storage unit 12 includes a storage device such as a hard disk or a semiconductor memory, and has a function of storing various processing information and programs used for each function. Main processing information stored in the storage unit 12 includes a personal database (hereinafter referred to as personal DB) 12A, a partition database (hereinafter referred to as partition DB) 12B, a history database (hereinafter referred to as history DB) 12C, and an ID management database ( (Hereinafter referred to as ID management DB) 12D.

The personal DB 12A is entry / exit determination data related to each user used for entry / exit determination.
FIG. 3 is a configuration example of a personal database. Here, for each personal ID for identifying a user, a management layer ID, a fingerprint ID, a passage permission category, and personal information are registered as a set.
Among these, the personal ID and the management layer ID are identification data assigned to each user based on a separate number system, the personal ID is mainly used for entry / exit determination processing, and the management layer ID is used to manage personal information. Used for. These number systems of personal IDs and management layer IDs are usually local and closed within one security management system 30 and are not considered for consistency with other security management systems.

The fingerprint ID is identification data for specifying fingerprint data used for the fingerprint authentication of the user, and is used when acquiring fingerprint data (not shown) registered in the storage unit 12 at the time of entry / exit determination. .
The passage permission classification is data indicating the sections that the user can pass, and section IDs of these sections are registered as a list.
The personal information is detailed data regarding the user, such as the user's name, department, contact information.

The section DB 12B is entry / exit determination data regarding each section used for entry / exit determination.
FIG. 4 is a configuration example of the partition database. Here, for each authentication device ID for identifying the authentication device 21 installed at the entrance of each partition, the partition ID and the partition information are registered as a set.
Among these, the section ID is identification data for identifying the section in which the authentication device 21 is installed, and this section ID is registered as a passage permission section of the personal DB 12A.
The device information is detailed data related to the authentication device 21 such as the name, model information, installation location, section name, and entrance / exit name of the authentication device 21.

The history DB 12C is data indicating a history related to the entry / exit determination process.
FIG. 5 is a configuration example of the history database. Here, for each history date and time indicating the date and time when the entry / exit determination processing is performed, the personal ID of the user who is the entry / exit determination target, the authentication device ID indicating the authentication device 21 where the operation was performed, and the entry / exit determination processing Is registered as a set.
Among these, as the processing contents, in addition to the processing result of the entry / exit determination process, that is, whether entry / exit is possible, alarm data such as the reason why entry / exit is impossible, the failure contents of the authentication device 21, and unauthorized operation may be recorded.

The ID conversion DB 12D is data for mutually converting the logical layer ID, the personal ID, and the management layer ID.
FIG. 6 is a configuration example of the ID conversion database. Here, for each logical layer ID, a corresponding personal ID and management layer ID are registered as a set.
Among these, the logical layer ID is global identification data assigned to each user based on a numbering system unified between the security management systems 30 to be managed by the management terminal 31, and refer to this ID conversion DB 12D. By doing so, the global logical layer ID, the local personal ID, and the management layer ID can be mutually converted.

  The entrance / exit determination unit 13 obtains, from the personal DB 12A, a pass permission category for the personal ID included in the entrance / exit determination request in response to the entrance / exit determination request received from the authentication device 21 via the communication I / F unit 11. Then, by confirming whether or not the authentication device ID included in the entry / exit determination request is included in the passage permission classification, the function for determining whether the entry / exit is permitted and the determination result of the entry / exit permission / inhibition are communicated. The / F unit 11 has a function of controlling the door locking by notifying the authentication device 21.

  The recording processing unit 14 converts the personal ID of the user who is an entry / exit determination target into a logical layer ID by the ID management unit 15 according to the entrance / exit determination processing in the entrance / exit determination unit 13, and the obtained logical layer It has a function of registering history information about IDs including IDs in the history DB 12C.

  The ID management unit 15 refers to the ID management DB 12D, converts the input logical layer ID into a personal ID or management layer ID, and outputs it, and the input personal ID as a logical layer ID or management layer ID. And a function for converting the input management layer ID into a logical layer ID or a personal ID and outputting it.

  In response to the history information acquisition request from the management terminal 31 received via the communication I / F unit 11, the information providing unit 16 acquires history information regarding the logical layer ID included in the history information acquisition request from the history DB 12C. And a function to be provided to the management terminal 31.

Among these functional units, the entry / exit determination unit 13, the recording processing unit 14, the ID management unit 15, and the information providing unit 16 are arithmetic processing units having a microprocessor such as a CPU and its peripheral circuits, and are stored in the storage unit 12 in advance. This is realized by executing a registered program.
In addition, the security management apparatus 10 includes an operation input unit such as a keyboard and a mouse, a screen display unit for displaying an operation menu and various processing screens, and an input / output for performing data communication with an external terminal or an external device. Assume that a functional unit similar to a general server device or personal computer, such as an interface unit, is provided.

[Operation of First Embodiment]
Next, the operation of the security management apparatus 10 according to the present embodiment will be described with reference to FIGS. FIG. 7 is a flowchart showing the guest registration process. FIG. 8 is a flowchart showing the history information providing process. FIG. 9 is an explanatory diagram showing a history information providing operation.
Here, it is a case where the history information of the user P belonging to the security management system 30 of the business establishment A is confirmed by the management terminal 31, and in particular, the user P makes the security management system 30 of the business establishment B as a guest by a business trip. A case where history information is collected from the security management systems 30 of the business establishment A and the business establishment B because they are temporarily used will be described.

[Guest registration operation]
The guest registration operation will be described with reference to FIG.
When a visitor who is not registered in advance uses the security management system 30, the security management apparatus 10 performs a guest registration process for temporarily making the visitor available as shown in FIG. Here, it is assumed that a guest IC card to be lent to a visitor is prepared in advance for each passage permission category, and an entry relating to the personal ID corresponding to this guest IC card is registered in the personal DB 12A in advance.

In the guest registration process of FIG. 7, first, the ID management unit 15 obtains the personal ID of the guest IC card lent to the visitor according to the operator's operation (step 100), and obtains the visitor's logical layer ID. (Step 101). Among these, for the personal ID, an unrented guest IC card that is permitted to pass to the visited section is selected according to the visited place of the visitor. As for the logical layer ID, the visitor may input the logical layer ID transmitted to the operator.
Thereafter, the ID management unit 15 registers the logical layer ID of the visitor in the logical layer ID of the entry related to the acquired personal ID in the personal DB 12A (step 102), and ends the series of guest registration processes.

[History information provision operation]
Next, the history information providing operation will be described with reference to FIGS.
When the user passes through the entrance / exit of an arbitrary section, the authentication device 21 installed at the entrance / exit acquires a personal ID from the user's authentication medium 22 (step 110), and is assigned to the personal ID and self. An entrance / exit determination request including the authentication device ID being sent is transmitted to the security management apparatus 10 via the communication line (step 111).

The entrance / exit determination unit 13 of the security management device 10 responds to the entrance / exit determination request from the authentication device 21 received via the communication I / F unit 11, and allows the passage of the personal ID included in the entrance / exit determination request. Is obtained from the personal DB 12A, and whether or not the entry / exit is permitted is determined by confirming whether or not the authentication device ID included in the entry / exit determination request is included in the passage permission category (step 112).
Thereafter, the entry / exit determination unit 13 transmits the obtained determination result of whether entry / exit is possible from the communication I / F unit 11 to the authentication device 21 (step 113). If the entry / exit determination result indicates that entry / exit is permitted, the authentication device 21 unlocks the door of the entrance / exit, and if the entry / exit indicates that entry / exit is not possible, the authentication device 21 performs unlocking control to maintain locking (step 114).

  In addition, the recording processing unit 14 of the security management device 10 uses the ID management unit 15 to assign the personal ID of the user to be subject to the entry / exit determination to the logical layer in accordance with the entry / exit determination processing in the entry / exit determination unit 13. It converts into ID (step 120), and the history regarding the entrance / exit determination process including the obtained logical layer ID is registered in the history DB 12C (step 121).

Thereafter, when confirming history information regarding an arbitrary user P, in response to the operation of the administrator, the management terminal 31 sends a history information acquisition request including the logical layer ID of the user P via the communication network NW. To each security management device 10 (step 130).
The information providing unit 16 of the security management apparatus 10 searches the history DB 12C for history information regarding the logical layer ID included in the received history information acquisition request (step 131), and obtains the obtained history information from the communication I / F unit 11. It returns to the management terminal 31 via the communication network NW (step 132), and a series of history information provision processing is completed.

With reference to FIG. 9, an operation example of the history information providing operation will be described. Here, for example, a personal ID “3824” for a regular employee is assigned to the user P having the logical layer ID “105840” at the business office A, and this user P makes a business trip to the business office B. It is assumed that a guest personal ID “5001” is assigned.
Therefore, the entrance / exit determination of the user P is performed by using the personal ID based on the separate number system in the security management apparatuses 10 of the offices A and B, and the history information is recorded respectively.

  At this time, according to the present embodiment, when recording history information, each security management apparatus 10 converts a local personal ID into a global logical layer ID and records it. Thereby, when the history information of the user P is acquired from the security management apparatus 10 of the business establishments A and B by the management terminal 31, if the logical layer ID “105480” of the user P is designated, the business establishment A and B The security management apparatus 10 searches the history information of the logical layer ID “105480” and provides it to the management terminal 31.

  For this reason, in the management terminal 31, it becomes unnecessary to manage each personal ID used by each security management apparatus 10 individually. Further, it is not necessary to match the personal IDs included in the collected history information among the security management apparatuses 10. For this reason, history information can be collected and managed from a plurality of security management systems without requiring a large work load.

[Effect of the first embodiment]
As described above, the present embodiment is an ID management DB 12D that stores a correspondence relationship between a personal ID unique to the security management apparatus 10 assigned in advance to a user and a logical layer ID common to the plurality of security management apparatuses 10. By referring to this ID management DB 12D, an ID management unit 15 for converting the personal ID and the logical layer ID to each other is provided, and the recording processing unit 14 is a user who is an entry / exit determination target for each entry / exit determination. Personal ID is converted into a logical layer ID by the ID management unit 15, and the history information regarding the entry / exit including the obtained logical layer ID is recorded in the history DB 12C, and the information providing unit 16 is connected via the communication network NW. In response to the history information acquisition request from the management terminal 31, the history information related to the logical layer ID included in the history information acquisition request is acquired from the history DB 12C and provided to the management terminal 31. Those who like to be.

As a result, the management terminal 31 does not need to individually manage the personal IDs used in the individual security management devices 10. Further, it is not necessary to match the personal ID included in each collected history information between the security management apparatuses 10. Furthermore, even when the same personal ID is used repeatedly among different users among the plurality of security management systems 30, it is possible to easily distinguish and process the history information regarding these users.
For this reason, it is possible to collect history information from a plurality of security management systems and centrally manage them without requiring a large work load and without changing the number system of existing personal IDs and management layer IDs. Become.

  In this embodiment, the case where the personal ID is converted into the logical layer ID and recorded when the history information is recorded has been described as an example. However, when the history information is recorded, the personal ID is used and the management terminal is used. When the history information is provided to 31, it may be converted into a logical layer ID and provided. Thereby, it is not necessary to perform conversion to the logical layer ID in the history information recording process executed for each entry / exit determination, and the processing load can be reduced.

[Second Embodiment]
Next, a security management apparatus according to the second embodiment of the present invention will be described with reference to FIG. FIG. 10 is a block diagram showing the configuration of the security management apparatus according to the second embodiment. The same reference numerals are given to the same or similar parts as those in FIG.
In the first embodiment, the case where history information is provided from the security management apparatus 10 to the management terminal has been described as an example. In this embodiment, a case where location information is provided will be described.

In the present embodiment, the storage unit 12 stores a location database (hereinafter referred to as location DB) 12E as new processing information.
The location DB 12E is data indicating users existing in each section. FIG. 11 is a configuration example of the location database. Here, for each section ID for identifying each section, a personal ID indicating a user existing in the section is registered as a list.

Further, in the present embodiment, the recording processing unit 14, when the entry / exit judgment result in the entry / exit judgment unit 13 is acceptable, indicates the logic of the user entering / leaving the entry / exit determination target section. The layer ID has a function of updating the location information corresponding to the partition ID of the partition in the location DB 12E. Specifically, for the entry corresponding to the section ID of the section to be entered / exited, the personal ID of the user who enters the section is added, and the personal ID of the user who leaves the section is deleted.
Note that other parts of the security management apparatus 10 according to the present embodiment are the same as those in the first embodiment, and a detailed description thereof is omitted here.

[Operation of Second Embodiment]
Next, with reference to FIG. 12, the operation of the security management apparatus 10 according to the present exemplary embodiment will be described. FIG. 12 is a flowchart showing the location information providing process, and the same or similar parts as those in FIG.
Here, it is a case where the location information of the section BY provided in the security management system 30 of the business office B is confirmed by the management terminal 31, and in particular, the user P belonging to the security management system 30 of the business office A makes a business trip. The case where the security management system 30 of the office B is temporarily used as a guest and exists in the section BY will be described.

  When the user passes through the entrance / exit of an arbitrary section, the authentication device 21 installed at the entrance / exit acquires a personal ID from the user's authentication medium 22 (step 110), and is assigned to the personal ID and self. An entrance / exit determination request including the authentication device ID being sent is transmitted to the security management apparatus 10 via the communication line (step 111).

The entrance / exit determination unit 13 of the security management device 10 responds to the entrance / exit determination request from the authentication device 21 received via the communication I / F unit 11, and allows the passage of the personal ID included in the entrance / exit determination request. Is obtained from the personal DB 12A, and whether or not the entry / exit is permitted is determined by confirming whether or not the authentication device ID included in the entry / exit determination request is included in the passage permission category (step 112).
Thereafter, the entry / exit determination unit 13 transmits the obtained determination result of whether entry / exit is possible from the communication I / F unit 11 to the authentication device 21 (step 113). If the entry / exit determination result indicates that entry / exit is permitted, the authentication device 21 unlocks the door of the entrance / exit, and if the entry / exit indicates that entry / exit is not possible, the authentication device 21 performs unlocking control to maintain locking (step 114).

  Further, the recording processing unit 14 of the security management device 10, when the entry / exit determination result in the entry / exit determination unit 13 indicates that entry / exit is possible (step 220: YES), the individual of the user who is the object of the entry / exit determination The ID is converted into a logical layer ID by the ID management unit 15 (step 221), and the location information corresponding to the partition ID of the partition in the location DB 12E is updated with the obtained logical layer ID (step 222).

Thereafter, when confirming location information related to a partition managed by the security management apparatus 10, the management terminal 31 sends a location information acquisition request including the partition ID of the partition to the communication network NW according to the operation of the administrator. To the corresponding security management apparatus 10 (step 230).
The information providing unit 16 of the security management apparatus 10 searches the location DB 12E for location information related to the section ID included in the received location information acquisition request (step 231), and communicates the obtained location information from the communication I / F unit 11. The information is returned to the management terminal 31 via the network NW (step 232), and the series of location information providing processing ends.

[Effect of the second embodiment]
As described above, in the present embodiment, when the determination result of the entry / exit determination is acceptable in the recording processing unit 14, the logical layer ID of the user who enters / exits the section targeted for the entry / exit determination is used. In the location DB 12E, the location information corresponding to the partition ID of the partition is updated, and the partition of the partition specified in the location information acquisition request in response to the location information acquisition request from the management terminal 31 by the information providing unit 16 The location information related to the ID is acquired from the location DB 12E and provided to the management terminal 31.

  This eliminates the need for matching the personal IDs included in the collected location information among the security management apparatuses 10. For this reason, history information can be collected and managed from a plurality of security management systems without requiring a large work load.

  In this embodiment, the case where the personal ID is converted into the logical layer ID and recorded when the location information is recorded has been described as an example. However, when the location information is recorded, the personal ID is used to record the location information. When location information is provided to 31, it may be provided after being converted into a logical layer ID. Thereby, in the location information recording process executed for each entry / exit determination, it is not necessary to perform conversion to the logical layer ID, and the processing load can be reduced.

[Extended embodiment]
The present invention has been described above with reference to the embodiments, but the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

  DESCRIPTION OF SYMBOLS 10 ... Security management apparatus, 11 ... Communication I / F part, 12 ... Memory | storage part, 12A ... Individual DB, 12B ... Section DB, 12C ... History DB, 12D ... ID management DB, 12E ... Location DB, 13 ... Entrance / exit determination , 14 ... recording processing unit, 15 ... ID management unit, 16 ... information providing unit, 21 ... authentication device, 22 ... authentication medium, 30 ... security management system, NW ... communication network.

Claims (4)

A security management device used in a security management system that determines whether a user can enter or leave each zone by an authentication device provided in a facility,
A personal ID used in the entrance / exit determination in the security management device assigned in advance to the user and a management layer ID used for personal information management, and a logical layer ID commonly used in a plurality of security management devices An ID management database for storing correspondences;
An ID management unit that converts the personal ID or the management layer ID and the logical layer ID to each other by referring to the ID management database;
For each entry / exit determination, the personal ID or management layer ID of the user to be entered / exited is converted into a logical layer ID by the ID management unit, and history information regarding the entry / exit including the obtained logical layer ID is obtained. A recording processing unit for recording in the history database;
In response to a history information acquisition request from a management terminal connected via a communication network, information provision for acquiring history information related to a logical layer ID included in the history information acquisition request from the history database and providing it to the management terminal A security management device comprising: The security management device according to claim 1,
If the determination result of the entry / exit determination is entry / exit, the recording processing unit is the logical layer ID of the user who enters / exits the entry / exit decision target section, and the section of the section in the location database Update the location information corresponding to the ID,
In response to a location information acquisition request from the management terminal, the information providing unit acquires location information relating to a partition ID of a partition specified in the location information acquisition request from the location database and provides the location information to the management terminal. Security management device characterized by the above. A security management method used in a security management device of a security management system for determining whether a user can enter or leave each section by an authentication device provided in a facility,
An ID management unit is used in common by a plurality of security management devices, and a personal ID and a management layer ID used for personal information management that are used for entrance / exit determination in the security management device that is uniquely assigned in advance to the user. An ID management step of converting the personal ID or the management layer ID and the logical layer ID to each other by referring to an ID management database that stores a correspondence relationship with the logical layer ID;
For each entry / exit decision, the recording processing unit converts the personal ID or management layer ID of the user to be entered / exited into a logical layer ID by the ID management unit and includes the obtained logical layer ID. A record processing step for recording history information about withdrawal in a history database;
In response to a history information acquisition request from a management terminal connected via a communication network, the information providing unit acquires history information related to a logical layer ID included in the history information acquisition request from the history database, and the management terminal A security management method comprising: an information provision step to be provided to The security management method according to claim 3,
The record processing step is a logical layer ID of a user who enters and exits a partition subject to entry / exit determination when the entry / exit determination result is entry / exit, and the partition of the partition in the location database Update the location information corresponding to the ID,
In the information providing step, in response to a location information acquisition request from the management terminal, location information relating to a partition ID of a partition specified in the location information acquisition request is acquired from the location database and provided to the management terminal. Security management method characterized by the above.

Images