JP6700372B2 - Authentication system, server device and authentication program - Google Patents

Description

  The present disclosure relates to an authentication system, a server device, and an authentication program, and more specifically to a technique for authenticating a person who is planning to enter a facility.

  In order to prevent an unauthorized person from entering the facility, it is necessary to authenticate the person who is planning to enter the facility when the person planning to enter the facility enters the facility.

  In JP 2004-326226 A (Patent Document 1), a code number such as a bar code is attached to a signboard installed at a specific position on the site as a time and attendance management system for workers who work on the site such as a construction site. Every time, the worker who arrives at the site reads the code number with the mobile terminal and transmits the information of the code number to the management server. In Patent Document 1, the management server specifies the worker at the work site and the work site based on the information transmitted from the mobile terminal.

JP, 2004-326226, A

  According to the configuration of Patent Document 1, the code number cannot be read unless the worker goes to the work site, so that the worker must actually go to the work site, and it is possible to prevent fraudulent declaration of the worker. it can. However, since it is impossible to prevent a third party other than the worker (so-called “spoofing”) from illegally entering the work site, there is a concern that security may be weakened. Therefore, as a security measure, an admission certificate that authenticates the worker (that is, the person who is planning to enter the building) and permits the admission to the work site only when it is confirmed that the worker is a properly registered worker. Issuing a method is possible.

  On the other hand, in order to authenticate the person who is going to enter the building, if you adopt a mechanism to register the personal information such as name and address in advance on the management server in order to authenticate yourself, the unauthorized access to the management server will result in personal information. May be leaked. Further, a person who is expected to enter the building needs to perform an operation of registering personal information such as a name and an address, which may reduce the convenience of the person who is expected to enter the building. Alternatively, if a mechanism for authenticating the person in advance and issuing the admission certificate is adopted, there is a concern that the admission certificate may be illegally copied and distributed to a third party.

  The present invention has been made to solve such a problem, and an object of the present invention is to enhance security and provide convenience for prospective visitors in an authentication system that authenticates prospective visitors to a facility. It is to realize the improvement of sex.

    In one aspect of the present invention, the authentication system is an authentication system for authenticating a person who is expected to enter the facility, and includes a server device, a communication terminal device, and a transmitter. The server device communicates with a portable terminal owned by a person who is going to enter the building via a network. The communication terminal device is communicatively connected to the server device via a network. The providing device is installed in the facility and provides an ID signal unique to the facility. The mobile terminal is configured to be able to acquire an ID signal within a designated area in which the facility providing device is installed. The server device has a storage unit for storing facility information, visitor information, and entry schedule information transmitted from the communication terminal device. The facility information is information in which facility identification information and ID signals are associated with each other. The visitor information is attribute information of the mobile terminal. The planned entrance information is information in which a planned entrance date of a person planning to enter the facility is associated with a unique identifier of the mobile terminal. The server device is configured to give a unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time. When the person who is planning to enter the facility visits the facility, the server device communicates with the mobile terminal to identify the facility by comparing the ID signal acquired by the mobile terminal from the providing device with the facility information. The server device further judges whether or not the prospective admission person is planning to enter the facility by comparing the specified facility and the unique identifier of the mobile terminal with the admission schedule information, and the prospective admission person plans to enter the facility. If it is determined that there is one, an admission certificate is issued to the mobile terminal.

  According to still another aspect of the present invention, in an authentication system that authenticates a person who is expected to enter the facility, the authentication program is a server device that communicates with a portable terminal owned by the person who is expected to enter through a network. Let the processor execute. The mobile terminal is configured to be able to receive an ID signal unique to a facility within a designated area of the facility. The authentication program includes a step of storing facility information, visitor information, and entry schedule information transmitted from a communication terminal device connected to a network and operated by a facility manager. The facility information is information in which facility identification information and ID signals are associated with each other. The visitor information is attribute information of the mobile terminal. The planned entrance information is information in which a planned entrance date of a person planning to enter the facility is associated with a unique identifier of the mobile terminal. The authentication program further includes a step of giving a unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time, and when the prospective person visits the facility. In addition, by communicating with the mobile terminal, the step of identifying the facility by comparing the ID signal acquired by the mobile terminal with the facility information, and the unique identifier of the identified facility and the mobile terminal with the scheduled entrance information, The steps of determining whether the prospective person plans to enter the facility and the step of issuing an admission certificate to the mobile terminal when the prospective person is determined to enter the facility Prepare

  According to still another aspect of the present invention, in an authentication system that authenticates a person who is expected to enter the facility, the authentication program is a server device that communicates with a portable terminal owned by the person who is expected to enter through a network. Let the processor execute. A transmitter for transmitting an ID signal unique to the facility is installed in the facility. The mobile terminal is configured to be able to receive an ID signal within a designated area where a transmitter of the facility is installed. The authentication program includes a step of storing facility information, visitor information, and entry schedule information transmitted from a communication terminal device connected to a network and operated by a facility manager. The facility information is information in which facility identification information and ID signals are associated with each other. The visitor information is attribute information of the mobile terminal. The planned entrance information is information in which a planned entrance date of a person planning to enter the facility is associated with a unique identifier of the mobile terminal. The authentication program further includes a step of giving a unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time, and when the prospective person visits the facility. Then, by communicating with the mobile terminal, the ID signal received by the mobile terminal from the transmitter is compared with the facility information to identify the facility, and the unique identifier of the identified facility and the mobile terminal is compared with the admission schedule information. The step of determining whether the prospective person is planning to enter the facility, and if the prospective person is planning to enter the facility, issue an admission certificate to the mobile device. And steps.

  According to still another aspect of the present invention, the authentication program causes a processor of a portable terminal owned by a prospective person to execute in an authentication system for authenticating a person who is expected to enter the facility. The mobile terminal is communicatively connected to the server device via a network. The authentication program includes a step of transmitting attribute information of the mobile terminal to the server device and receiving a unique identifier corresponding to the attribute information from the server device before the scheduled date and time when the prospective person enters the facility. When the facility visits the facility, in the designated area of the facility, a step of obtaining an ID signal unique to the facility, a step of transmitting the obtained ID signal and the unique identifier to the server device, and a prospective person entering the facility If there is a plan to do so, the step of receiving the admission certificate issued by the server device.

  According to the present invention, the attribute information of the portable terminal owned by the prospective admission person is registered as the admission person information in the server device before the scheduled admission date and time, and the server is provided to the portable terminal registered in the admission person information. A unique identifier is given by the device. When the person planning to enter the facility visits the facility on the scheduled date of entering the facility, the server device and the mobile terminal communicate with each other by using the unique identifier given in advance and the ID signal received by the facility. Personal authentication is performed and an admission certificate is issued to the mobile terminal. According to this, personal identification is performed and the admission certificate is issued for the first time when the prospective admission person visits the facility on the day, so a third party other than the prospective admission person illegally uses the admission certificate to access the facility. I can prevent you from entering.

  Further, since the personal authentication of the prospective admission person is performed using the unique identifier uniquely generated by the server device in association with the admission person information, for the prospective admission person, a procedure for registering personal information such as name and address. Is unnecessary, and the risk of leaking out such personal information can be avoided. Furthermore, since the server device can block access from a mobile terminal to which a unique identifier is not assigned, the server device can issue the admission certificate only to the mobile terminal that is properly registered.

  As a result, in the authentication system that authenticates the person who is expected to enter the facility, it is possible to enhance security and improve the convenience of the person who is expected to enter the facility.

It is a block diagram which shows the structural example of the authentication system according to the embodiment of the present invention. It is a block diagram which shows the hardware constitutions of a server apparatus. It is a block diagram which shows the hardware constitutions of a portable terminal. It is a figure explaining the person authentication processing by the authentication system according to this Embodiment. It is a figure explaining the person authentication processing by the authentication system according to this Embodiment. It is a figure which shows an example of the facility information registered into a system management server. It is a figure which shows an example of the visitor information registered into a facility management server. It is a figure which shows an example of the admission schedule information registered into a facility management server. It is a figure explaining the person authentication processing by the authentication system according to this Embodiment. It is a figure which shows the example of a display screen of a mobile terminal. It is a figure which shows the flow of the entrance of the person who is planning to enter the facility. It is a sequence diagram explaining the procedure of the process of personal authentication by the authentication system according to the present embodiment. It is a sequence diagram explaining the procedure of the process of personal authentication by the authentication system according to the present embodiment. It is a flow chart for explaining processing performed in a facility management server. It is a flow chart for explaining processing performed in a personal digital assistant. It is a figure which shows the structure of the authentication system according to the 1st modification of this Embodiment. It is a figure which shows the structure of the authentication system according to the 2nd modification of this Embodiment. It is a figure which shows the structure of the authentication system according to the 3rd modification of this Embodiment.

  Embodiments of the present invention will be described below in detail with reference to the drawings. In the following, the same or corresponding parts in the drawings will be denoted by the same reference numerals, and the description thereof will not be repeated in principle.

(Configuration of authentication system)
FIG. 1 is a block diagram showing a configuration example of an authentication system according to an embodiment of the present invention. Authentication system 100 according to the present embodiment is a system for performing personal authentication of a person who is scheduled to enter the facility (hereinafter, also referred to as “expected person to enter”). In the specification of the present application, “facility” means a building such as an office building, a factory or a movie theater, a conference room in the office building, a building in the factory or a screen such as a screen in the movie theater, or This includes venues where events such as fireworks displays and outdoor concerts are held.

  Referring to FIG. 1, authentication system 100 according to the present embodiment includes server devices 10, 20, 30 and communication terminal devices 50, 60, a mobile terminal 70, and a transmitter 80. The server devices 10, 20, 30 and the communication terminal devices 50, 60 are connected to the Internet (communication network) 40. In the present embodiment, the Internet is exemplified as the communication network connecting the server devices 10, 20, 30 and the communication terminal devices 50, 60, but as the communication network, a telephone line network, a mobile communication network, a CATV communication network, a satellite communication. It is also possible to use an internet network (TCP/IP) using a network.

  The server device 10 is mainly a server device for managing information about one or a plurality of facilities in which the authentication system 100 is operated. In the configuration example of FIG. 1, it is assumed that the authentication system 100 according to the present embodiment is used to manage entrance and exit of a facility FA out of one or a plurality of facilities.

  A communication terminal device 50 is connected to the server device 10 via the Internet 40, and by communicating with the communication terminal device 50, information about the one or more facilities is collected and managed. In the following description, the server device 10 is also referred to as “system management server”.

  The communication terminal device 50 can be operated by a system administrator M1 who manages the authentication system 100. The communication terminal device 50 is configured by a mobile terminal device such as a personal computer (PC) or a personal digital assistant (PDA: Personal Digital Assistant) that can be connected to the Internet 40, for example. The installation locations of the system management server 10 and the communication terminal device 50 are not particularly limited, and for example, they are installed in a management center that manages the entire authentication system 100.

  The server device 20 is mainly a server device for managing information regarding entry and exit of visitors to the one or more facilities. In the configuration example of FIG. 1, the server device 20 is configured to manage information regarding entry and exit of visitors to the facility FA. A communication terminal device 60 is connected to the server device 20 via the Internet 40, and by communicating with the communication terminal device 60, information about a visitor of the facility FA and information about an entrance schedule of the visitor is displayed. Collect and manage. In the following description, the server device 20 is also referred to as “facility management server”.

  The communication terminal device 60 can be operated by a facility manager M2 who manages entry and exit from the facility FA. The communication terminal device 60 is composed of a mobile terminal device such as a PC or PDA that can be connected to the Internet 40. The installation location of the facility management server 20 and the communication terminal device 60 is not particularly limited, and for example, the facility management server 20 and the communication terminal device 60 are installed in a management center provided in the premises of the facility FA that manages the operation (operation) of the facility FA. By setting a fixed IP address in the communication terminal device 60, it is possible to limit the communication terminal devices that can communicate with the facility management server 20.

  The server device 30 is mainly a server device for managing information related to various services provided to the mobile terminal 70 owned by a person who plans to enter the one or more facilities. The server device 30 manages dedicated application software for using the service provided by the authentication system 100. This dedicated application includes application software relating to reservations for entering the above-mentioned one or more facilities. In the following description, the server device 30 will also be referred to as an “app management server”. In addition, application software related to reservations for entering the facility is also referred to as “entry app”. The installation location of the application management server 30 is not particularly limited, and for example, it is installed in an information provider who is connected to the Internet 40. In this case, the entrance application is provided as a program product that can be downloaded by the information provider.

  The mobile terminal 70 is connected to the application management server 30 via the Internet 40 and the mobile communication network 75. The portable terminal 70 is owned by the prospective person V1 who enters the facility FA, and is a smartphone or a tablet. The mobile terminal 70 is configured to be communicatively connected to the Internet 40 via a mobile communication network 75 such as an LTE (Long Term Evolution) line, a 4G line or a 3G line. In the example of FIG. 1, a smartphone is illustrated as the mobile terminal 70.

  The prospective person V1 can perform a login operation and various operations after login from the application software by downloading the above-mentioned dedicated application software from the application management server 30 and installing it in the mobile terminal 70. For example, by logging in to the above-mentioned entrance application, the mobile terminal 70 can communicate with the system management server 10 and the facility management server 20 via the Internet 40 and exchange data and information with these server devices. it can.

  In the configuration example of FIG. 1, each of the system management server 10, the facility management server 20, and the application management server 30 has a cloud server provided in a so-called cloud computing system that holds and uses data on the Internet 40. It is composed of. However, the facility management server 20 can also be configured by an on-premises server connected to a wireless communication network uniquely constructed in the facility FA.

  Further, in the configuration example of FIG. 1, the system management server 10, the facility management server 20, and the application management server 30 are configured by separate hardware devices, but in terms of implementation, these three servers are also the same hardware device. Alternatively, it may be a server device on the cloud.

  The transmitter 80 is installed for each of the one or more facilities in which the authentication system 100 is operated, and is configured to emit an ID signal unique to the corresponding facility. In the configuration example of FIG. 1, the transmitter 80 corresponding to the facility FA is installed near the entrance of the facility FA and transmits an ID signal unique to the facility FA. The transmitter 80 corresponds to one example of the “providing device”.

  In this embodiment, the transmitter 80 is an optical ID transmitter that transmits optical ID data unique to the facility FA. Specifically, the transmitter 80 transmits the optical ID data as an optical ID signal by using the difference in brightness (brightness) of the light source. The transmitter 80 is composed of, for example, a visible light LED (Light Emitting Diode), and “0” and “1” of the optical ID data can be expressed by controlling the brightness of the visible light LED. As will be described later, the optical ID data transmitted by the transmitter 80 is associated with the facility ID individually assigned to the facility FA.

  The transmitter 80 can be integrated with a display device installed near the entrance of the facility FA. For example, the transmitter 80 can be built in the signage. The signage has a display and a touch panel integrally configured on the display. On the display, various contents related to the facility FA, such as contents showing a map in the facility FA, are displayed. The transmitter 80 can be installed above the display of this signage.

  In the configuration example of FIG. 1, a prospective person V1 who has visited the entrance of the facility FA activates the entrance application on the mobile terminal 70, and then directs the mobile terminal 70 toward the transmitter 80 and a camera (not shown). The optical ID signal can be received by photographing the optical ID signal emitted from the transmitter 80.

(Hardware configuration of server device)
FIG. 2 is a block diagram showing the hardware configuration of the server device 20.

  Referring to FIG. 2, the server device 20 (facility management server) includes a CPU (Central Processing Unit) 54 for controlling the entire device, a communication I/F (Interface) 56 and a memory 58 connected to the CPU 54. And a display unit 52. The communication I/F 56 has a function of communicating with the communication terminal devices 50 and 60 and the mobile terminal 70 by communication connected to the Internet 40.

  The memory 58 is, for example, a ROM (Read Only Memory) 62 which is a memory for storing a program executed by the CPU 54, and a memory for storing a calculated value which is a work area when the CPU 54 executes the program. A RAM (Random Access Memory) 64 and an HDD (Hard Disk Drive) 66 as an example of a large storage device are included.

  The process in the server device 20 is realized by each hardware and software executed by the CPU 54. Such software may be stored in the ROM 62 or the HDD 66 in advance. The software may be stored in a storage medium (not shown) and distributed as a program product. Then, the software is read from the HDD 66 by the CPU 54 and stored in the RAM 64 in a format executable by the CPU 54. The CPU 54 executes this program.

  The storage medium is not limited to a DVD-ROM, a CD-ROM, an FD (Flexible Disk), a hard disk, but a magnetic tape, a cassette tape, an optical disk (MO (Magnetic Optical Disk)/MD (Mini Disk)/DVD (Digital). Versatile Disc)), an optical card, a mask ROM, an EPROM (Electrically Programmable Read-Only Memory), a semiconductor memory such as a flash ROM, or the like, and a medium that carries the program in a fixed manner.

  Further, the program includes not only a program directly executable by the CPU but also a program in a source program format, a compressed program, an encrypted program, and the like.

  The server device 20 can be configured with a function corresponding to a general computer.

(Hardware configuration of mobile terminal)
FIG. 3 is a block diagram showing the hardware configuration of the mobile terminal 70.

  With reference to FIG. 3, a CPU 74, a touch screen 76, a memory 84, a button 86 (operation unit) for turning power on/off, a communication I/F 88, a speaker 78 for audio output, and a camera 82 (imaging unit) are included. ..

  The communication I/F 88 has at least a communication connection function with the server device and a communication connection function with the mobile communication network 75 as a communication function with the external device of the mobile terminal 70 in the authentication system 100 in FIG. 1.

  The touch screen 76 can form a display-integrated input device including a display 76a and a touch panel 76b. Alternatively, the display 76a and the operation section (buttons, keys, etc.) can be separately provided.

  The memory 84 is realized by various types of RAM, ROM, flash memory, hard disk, and the like. The memory 84 stores various programs executed by the CPU 74. The CPU 74 can execute various control processes and the like by executing various programs stored in the memory 84.

  The process in the mobile terminal 70 is realized by each hardware and software executed by the CPU 74. Such software may be stored in the memory 84 in advance. Alternatively, the software may be provided as a program product that can be downloaded by an information provider connected to the Internet 40. Such software is read from the storage medium by the reading device or downloaded via the communication I/F 88, and then temporarily stored in the RAM. Then, the software is read from the RAM by the CPU 74 and further stored in the form of a program executable by the CPU 74. The CPU 74 executes the program.

(Operation of authentication system)
Next, personal authentication processing by authentication system 100 according to the present embodiment will be described.

  In the authentication system 100 according to the present embodiment, the personal authentication process is [1] a process of assigning a unique identification ID to the portable terminal 70 owned by the prospective admission person V1 of the facility FA, and [2] a prospective admission person V1. The process is roughly divided into a process of pre-registering information about a planned entrance and a process of [3] authenticating the prospective V1 who has visited the facility FA and issuing an admission certificate to the portable terminal 70 of the prospective V1. It

  Of these, [1] the process of assigning the unique identification ID to the mobile terminal 70 and [2] the process of pre-registering the information regarding the planned entrance are corresponding to the preparatory process for authenticating the prospective entrance V1. Normally, it is executed earlier than the scheduled entry date and time (for example, the day before the scheduled entry date). On the other hand, [3] the process of issuing the admission certificate to the mobile terminal 70 is executed locally (for example, at the entrance of the facility FA), and thus is usually executed on the day of the planned admission date.

[1] Process of assigning unique identification ID to mobile terminal First, a process of assigning a unique identification ID to the mobile terminal 70 will be described. The process of assigning the unique identification ID to the mobile terminal 70 is mainly configured by the following processes (1) to (5).
(1) Registration of facility information (2) Registration of visitor information (3) Installation of admission application (4) Input of attribute information of mobile terminal (5) Generation of unique identification ID In the following, the above (1) to (5) ) Will be described with reference to FIGS. 4 and 5. It should be noted that arrows (1) to (5) displayed in FIGS. 4 and 5 respectively represent flows of the processes shown in (1) to (5).

(1) Registration of Facility Information First, the system administrator M1 logs in to the authentication system 100 from the communication terminal device 50 and establishes a communication connection between the communication terminal device 50 and the system management server 10 via the Internet 40. The login can be executed by the user ID previously acquired by the system administrator M1.

  The system administrator M1 inputs facility information to the communication terminal device 50 by operating the communication terminal device 50. The facility information is information used to identify a facility scheduled to enter the building in authenticating the prospective building V1. In the facility information, a facility ID individually assigned to one or a plurality of facilities in which the authentication system 100 is operated and an ID signal transmitted by a transmitter 80 installed for each facility are associated with each other.

  The communication terminal device 50 transmits the facility information input by the system administrator M1 to the system management server 10 via the Internet 40. When the system management server 10 acquires the facility information from the communication terminal device 50, it writes the facility information in the memory 58 to register the facility information.

  FIG. 6 is a diagram showing an example of facility information registered in the system management server 10. As shown in FIG. 6, the facility ID, which is identification information for identifying the facility, and the ID signal transmitted by the transmitter 80 of each facility are associated in the form of a table.

  As described above, the transmitter 80 is an optical ID transmitter that transmits an optical ID signal. Therefore, in the facility information table of FIG. 6, the facility ID and the optical ID data individually assigned to each facility are associated with each other. The optical ID data is composed of digital data of 0 and 1, and includes data related to the corresponding facility ID.

(2) Registration of Visitor Information Returning to FIG. 4, the facility manager M2 logs in to the authentication system 100 from the communication terminal device 60 and communicates between the communication terminal device 60 and the facility management server 20 via the Internet 40. Make a connection. The login can be executed by the user ID previously acquired by the facility manager M2.

  The facility manager M2 operates the communication terminal device 60 to input the visitor information to the communication terminal device 60. The visitor information is information for identifying a person who is expected to enter the facility, and for giving a unique identifier (unique identification ID) to the portable terminal 70 owned by the person who is expected to enter the facility. Used for.

  The visitor information is attribute information of the mobile terminal 70 owned by the prospective person, and for example, the telephone number of the mobile terminal 70 can be used. In the example of FIG. 4, the facility manager M2 inputs the telephone number of the portable terminal 70 owned by the prospective person to enter V1 into the communication terminal device 60.

  The communication terminal device 60 transmits the visitor information input by the facility manager M2 to the facility management server 20 via the Internet 40. When the facility management server 20 acquires the visitor information from the communication terminal device 60, the facility management server 20 registers the visitor information by writing the visitor information in the memory 58.

  FIG. 7 is a diagram showing an example of visitor information registered in the facility management server 20. As shown in FIG. 7, the identification information (telephone number) of the portable terminal 70 owned by the prospective person entering the facility FA is shown in a table format.

  Here, in the visitor information table shown in FIG. 7, a unique identification ID is assigned to each attribute information (telephone number) of the mobile terminal 70. The unique identification ID is an identifier for identifying a person who is expected to enter the building, and is given to the mobile terminal 70 with which the communication connection with the facility management server 20 is established. In the example of FIG. 7, the unique identification ID “Visitor1” is set for the telephone number “0901234567”.

  As a result, as will be described later, when the prospective person V1 who owns the mobile terminal 70 having the telephone number “0901234567” uses the authentication system 100, the facility management server 20 sends a unique identification ID “to the mobile terminal 70. Visitor1” will be added. Then, using the unique identification ID "Visitor1" assigned to the mobile terminal 70, the person-to-be-visited person V1 is authenticated.

(3) Installation of Entrance Application Returning to FIG. 4, the prospective entrance V1 establishes a communication connection between the mobile terminal 70 and the application management server 30 via the mobile communication network 75 and the Internet 40.

  The person V1 who intends to enter the building downloads the dedicated application software (entry application) related to the reservation for entering the facility from the application management server 30 and installs this entering application in the mobile terminal 70.

(4) Input of attribute information of mobile terminal Referring to FIG. 5, when the entrance application is installed, mobile terminal 70 causes touch screen 76 to display an initial setting screen. The prospective person V1 inputs the attribute information (telephone number) of his/her mobile terminal 70 on this initial setting screen. As a result, the attribute information of the mobile terminal 70 is transmitted to the facility management server 20 via the mobile communication network 75 and the Internet 40.

(5) Generation of Unique Identification When the facility management server 20 receives the attribute information (telephone number) of the mobile terminal 70, it sends an authentication code to the received telephone number using SMS (short message service). .. Then, if it is confirmed that the authentication code is input on the mobile terminal 70 within a certain time after the transmission of the short message, it is confirmed that the mobile terminal 70 of the transmission source is the mobile terminal 70 of the prospective person V1 himself. You can authenticate. When the mobile terminal 70 is authenticated in this way, the facility management server 20 refers to the visitor information stored in the memory 58 to determine whether the prospective visitor V1 is registered in the visitor information. To judge.

  Specifically, if the telephone number of the received mobile terminal 70 is included in the visitor information table (see FIG. 7), the facility management server 20 determines that the prospective person V1 who is the owner of the mobile terminal 70 is It is determined that the person is a legitimately registered prospective admission person. The facility management server 20 generates, for the mobile terminal 70, a unique identification ID associated with the telephone number. For example, when the telephone number of the mobile terminal 70 is “0901234567”, the facility management server 20 generates the unique identification ID “Visitor1” and gives the generated unique identification ID “Visitor1” to the mobile terminal 70.

[2] Process of Registering Entrance Schedule Information in Advance Next, a process of pre-registering information regarding the schedule of entering the facility management server 20 will be described.

  As shown by an arrow (6) in FIG. 5, the facility manager M2 operates the communication terminal device 60 to input the entry schedule information into the communication terminal device 60. The scheduled entrance information is information in which a scheduled date and time when a prospective person enters the facility is associated with a unique identification ID of the portable terminal 70 of the prospective person.

  The communication terminal device 60 transmits the entry schedule information input by the facility manager M2 to the facility management server 20 via the Internet 40. When the facility management server 20 acquires the entry schedule information from the communication terminal device 60, the facility management server 20 writes the entry schedule information in the memory 58 to register the entry schedule information.

  FIG. 8 is a diagram showing an example of entry schedule information registered in the facility management server 20. In FIG. 8, the unique identification ID of the portable terminal 70 owned by the person who is going to enter the building, the facility at the entry destination, and the scheduled entry date and time are shown in association with each other. The scheduled entry date and time is composed of the date of entry and the date of exit, and the entry time and the exit time.

  In the example of FIG. 8, with respect to the unique identification ID “Visitor1”, the entry destination “facility FA”, the entry date “August 1, 2018”, the departure date “August 1, 2018”, and the entry time “9” "0:00" and the exit time "18:00" are registered. The facility at the entrance is represented by a facility ID.

  As a result, when the prospective admission person V1 who owns the portable terminal 70 to which the unique identification ID “Visitor1” is given visits the facility FA, the facility management server 20 compares the unique identification ID “Visitor1” with the admission schedule information. Then, it is determined whether or not the prospective admission person V1 is scheduled to enter the facility FA.

[3] Process of Issuing Admission Certificate Next, the process of issuing an admission certificate to the mobile terminal 70 will be described. The process of issuing the admission certificate to the mobile terminal 70 is mainly configured by the following processes (7) to (11).
(7) Reception of optical ID signal (8) Transmission of optical ID data (9) Acquisition of facility ID (10) Transmission of unique identification ID and facility ID (11) Identification of person and issuance of admission certificate ) To (11) will be described with reference to FIG. It should be noted that arrows (7) to (11) displayed in FIG. 9 represent the flows of the processes shown in (7) to (11).

(7) Reception of optical ID signal On the day of the planned entrance day, when the prospective entrance person V1 visits the entrance of the facility FA, he/she operates his/her own mobile terminal 70 to activate the pre-installed entrance application. When the entrance application is activated, a communication connection is established between the mobile terminal 70 and the system management server 10 and facility management server 20 via the mobile communication network 75 and the Internet 40.

  The prospective person V1 turns the mobile terminal 70 toward the transmitter 80 installed near the entrance of the facility FA. As a result, the mobile terminal 70 acquires the optical ID signal from the transmitter 80 using the camera 82.

  FIG. 10 shows an example of a display screen on the mobile terminal 70. With reference to FIG. 10(A), a home screen is displayed on the touch screen 76 of the portable terminal 70 owned by the person V1 who intends to enter the building. The home screen includes the icon App1 of the admission application.

  When the person V1 who intends to enter the facility FA taps the icon App1 on the touch screen 76 to activate the admission application, the activation screen of the admission certificate display process shown in FIG. 10B is displayed on the touch screen 76. Displayed in. In the example of FIG. 10B, a startup screen is displayed in the center of the touch screen 76, and a support icon related to the admission certificate display processing (for example, “Admission procedure method”, “Notification” is displayed below the startup screen. , "Terms of Service") are displayed side by side. When the person V1 planning to enter taps the icon labeled "Admission procedure method", the display screen of the touch screen 76 is switched from the activation screen to a screen for explaining a specific procedure of the admission procedure. When the person planning to enter the building V1 taps the icon labeled "Notice", the display screen switches from the startup screen to a screen for displaying guidance from the facility FA. When the person planning to enter the building V1 taps on the icon labeled "Terms of Use", the display screen switches from the startup screen to a screen explaining the terms of use of the entrance application.

  When the person V1 planning to enter the building taps the start screen of FIG. 10B, the camera 82 of the mobile terminal 70 is started. As a result, the captured image of the camera 82 is displayed on the display screen. As shown in FIG. 10C, on the touch screen 76, a message “Please hold up to the light” and an image showing the rectangular frame F1 are displayed together with the image captured by the camera 82.

  The prospective person V1 turns the mobile terminal 70 toward the transmitter 80 and puts the transmitter 80 in the frame F1 on the touch screen 76. By capturing the image of the transmitter 80 with the camera 82 in this state, the mobile terminal 70 can receive the optical ID signal transmitted from the transmitter 80.

(8) Transmission of Optical ID Data Upon receiving the optical ID signal from the transmitter 80, the mobile terminal 70 extracts the optical ID data included in the optical ID signal, and extracts the extracted optical ID data from the mobile communication network 75 and the Internet. It transmits to the system management server 10 via 40.

(9) Acquisition of facility information The system management server 10 compares the optical ID data received from the mobile terminal 70 with the facility information (see FIG. 6) stored in the memory 58, and the prospective person V1 is visiting the facility. Identify the facility. In the example of FIG. 9, the system management server 10 determines that the prospective person V1 is visiting the facility FA based on the optical ID data.

  The system management server 10 transmits information indicating the specified facility to the mobile terminal 70 via the Internet 40 and the mobile communication network 75. The facility ID of the facility can be used as the facility information. The mobile terminal 70 acquires the facility ID (“111”) of the facility FA by receiving the signal from the system management server 10.

(10) Transmission of Unique Identification ID and Facility Information The mobile terminal 70 transmits the facility ID of the facility FA and its own unique identification ID to the facility management server 20 via the mobile communication network 75 and the Internet 40.

(11) Identity authentication and issuance of admission certificate When the facility management server 20 acquires the unique identification ID of the mobile terminal 70 and the facility ID of the facility FA, the admission schedule information stored in the memory 58 (see FIG. 8). ), it is determined whether the person who plans to enter, who is the owner of the portable terminal 70, is going to enter the facility FA.

  Specifically, when the unique identification ID of the portable terminal 70 of the prospective entrance V1 is “Visitor1”, the prospective entrance V1 of the prospective entrance V1 is 9:00 on August 1, 2018 according to the admission schedule information in FIG. It is scheduled to enter the facility FA from ~18:00.

  Therefore, the facility management server 20 will enter the facility if the date and time when the prospective person V1 visits the facility FA is included in a predetermined time zone including 9:00 to 18:00 on August 1, 2018. It is determined that the person V1 is planning to enter the facility FA on the day. The predetermined time period can be set to have a width of several minutes before the scheduled entry time of 9:00 and after the scheduled exit time of 18:00.

  When it is determined that the prospective admission person V1 is planning to enter the facility FA on the day, the facility management server 20 allows the portable terminal 70 of the prospective admission person V1 to enter the facility FA for admission. To issue. FIG. 10D shows an example of the display screen of the mobile terminal 70. As shown in FIG. 10D, the admission certificate C1 is displayed on the touch screen 76 of the mobile terminal 70. The admission certificate C1 is, for example, a QR code (registered trademark). Identification information (admission ID) for identifying the admission certificate C1 is registered in the QR code. The admission certificate C1 is used as an identification card when the prospective admission person V1 enters the facility FA or when the prospective admission person V1 leaves the facility FA.

  On the other hand, if the day the prospective person V1 visits the facility FA is a day other than August 1, 2018, the facility management server 20 does not plan that the prospective person V1 will enter the facility FA on the day. To determine. In this case, the facility management server 20 sends an error message notifying that there is no plan to enter the building to the portable terminal 70 of the prospective building V1.

  Alternatively, the facility management server 20 allows the prospective person V1 to enter the facility FA on the day even when the prospective person V1 visits the facility FA on August 1, 2018, but is not in a predetermined time zone. It is determined that there is no schedule, and an error message is transmitted to the portable terminal 70 of the prospective person V1. The error message is displayed on the touch screen 76 of the mobile terminal 70.

  When the authentication process described above is performed and the admission certificate C1 is issued to the mobile terminal 70, the prospective admission person V1 can enter the facility FA using the admission certificate C1. FIG. 11 shows a flow of entering the facility FA of the prospective person V1.

  Referring to FIG. 11, a reader 65 for reading the admission certificate C1 is installed at the entrance of the facility FA. The reader 65 is installed, for example, at a security gate 67 provided at the entrance. The security gate 67 is a device for restricting unauthorized entry of unauthorized persons into the facility FA. Therefore, only those who are determined to have the entrance plan can enter the facility FA from the entrance side through the security gate 67.

  When the admission certificate C1 is a QR code, a QR code reader capable of optically reading the QR code displayed on the touch screen 76 of the mobile terminal 70 is used as the reader 65. The QR code reader has an optical reader (scanner or camera) and a decoder that decodes and outputs a QR code included in the read optical data.

  The reader 65 is connected to the communication terminal device 60. As shown by an arrow (12) in the figure, when the prospective person V1 holds the touch screen 76 of the portable terminal 70 over the reader 65, the reader 65 reads the entrance certificate C1 displayed on the touch screen 76 and reads the QR. The code is decoded and output to the communication terminal device 60. The communication terminal device 60 transmits the output signal of the reader 65 to the facility management server 20 (see arrow (13) in the figure).

  The facility management server 20 controls the security gate 67 to be in the open state when the entrance certificate ID included in the output signal of the reader 65 is valid. As a result, the prospective person V1 can pass through the security gate 67. Even when the user exits the facility FA, the prospective person V1 enters the exit certificate C1 displayed on the touch screen 76 of the mobile terminal 70, which is a reader (not shown) provided separately from the reader 65. By passing it over, it is possible to pass through the security gate 67.

  On the other hand, when the entrance certificate ID included in the output signal of the reader 65 is not authentic, the facility management server 20 transmits an error signal to the reader 65 via the communication terminal device 60. As a result, the security gate 67 is maintained in the closed state. Therefore, a person who intends to enter the building holding the portable terminal 70 having an unauthorized admission certificate over the reader 65 cannot pass through the security gate 67.

  Furthermore, the facility management server 20 can set the valid period of the admission certificate C1 based on the admission schedule information registered in the memory 58. The valid period of the admission certificate C1 is set to include the period from the scheduled entrance time to the scheduled exit time. The facility manager M2 can change the valid period of the admission certificate C1 set by the facility management server 20 by operating the communication terminal device 60.

  The facility management server 20 can invalidate the entrance certificate C1 issued to the mobile terminal 70 when the set validity period of the entrance certificate C1 has passed. Therefore, when the prospective admission person V1 attempts to enter the facility FA using the admission certificate C1 after the valid period, the facility management server 20 confirms that the admission certificate ID included in the output signal of the reader 65 is valid. Even, the error signal is transmitted to the reader 65. As a result, the prospective person V1 cannot pass through the security gate 67.

  In addition, the facility management server 20, based on the output signal of the reader 65, the actual entry and exit times such as the time when the prospective person V1 enters the facility FA and the time when the prospective person V1 leaves the facility FA. Can be managed. The facility management server 20 registers, in the memory 58, information indicating the record of entrance and exit of each prospective person.

  The facility management server 20 can further exchange data with the mobile terminal 70 via the mobile communication network 75 and the Internet 40, as indicated by an arrow (14) in the figure. As a result, the person V1 who is expected to enter the building can search the history of past entry and exit from the facility FA by operating the entry application on the mobile terminal 70. Alternatively, the prospective admission person V1 can refer to future admission schedules by operating the admission application of the mobile terminal 70 to access the facility management server 20.

(Procedure of personal authentication processing by the authentication system 100)
FIG. 12 and FIG. 13 are sequence diagrams illustrating the procedure of the person authentication process by authentication system 100 according to the present embodiment.

  The steps shown in FIGS. 12 and 13 are executed by the system management server 10, the facility management server 20, the communication terminal devices 50 and 60, and the mobile terminal 70 that form the authentication system 100. 12 and 13 also include the work performed by the system administrator M1 who operates the communication terminal device 50, the facility administrator M2 who operates the communication terminal device 60, and the person V1 who plans to enter the facility who operates the mobile terminal 70. Is shown. The processes (1) to (13) surrounded by broken lines in FIGS. 12 and 13 correspond to the processes (1) to (13) shown in FIGS. 4, 5, 9 and 11, respectively. ing.

  With reference to FIG. 12, first, when the system administrator M1 logs in to the authentication system 100 by inputting login information from the operation unit of the communication terminal device 50, the system administrator M1 operates the communication terminal device 50 to operate the facility information (see FIG. 6) is input (S1).

  The communication terminal device 50 transmits the facility information input by the system administrator M1 to the system management server 10 via the Internet 40 (S2). Upon acquiring the facility information from the communication terminal device 50, the system management server 10 writes the facility information in the memory 58 to register the facility information (S3).

  Next, when the facility manager M2 logs in to the authentication system 100 from the operation unit of the communication terminal device 60, the facility manager M2 operates the communication terminal device 60 to input the visitor information (see FIG. 7) (S4). The communication terminal device 60 transmits the visitor information input by the facility manager M2 to the facility management server 20 via the Internet 40 (S5). When the facility management server 20 acquires the visitor information from the communication terminal device 60, the facility management server 20 registers the visitor information by writing the visitor information in the memory 58 (S6).

  Next, the person V1 who intends to enter the building downloads the entry application from the application management server 30 and installs this entry application in the mobile terminal 70 (S7).

  When the initial setting screen is displayed on the touch screen 76 of the mobile terminal 70, the prospective person V1 inputs the attribute information (telephone number) of his/her mobile terminal 70 on the initial setting screen (S8). The mobile terminal 70 transmits the attribute information (telephone number) to the facility management server 20 via the mobile communication network 75 and the Internet 40 (S9).

  Upon receiving the attribute information (telephone number) of the mobile terminal 70, the facility management server 20 authenticates the mobile terminal 70 of the prospective person V1 by transmitting the authentication code to the telephone number using SMS. When the mobile terminal 70 is authenticated, the facility management server 20 refers to the visitor information (see FIG. 7) stored in the memory 58, and the attribute information (telephone number) of the received mobile terminal 70 enters the building. It is determined whether or not the person information is included. If the attribute information of the mobile terminal 70 is included in the visitor information, the facility management server 20 determines that the owner of the mobile terminal 70 is a legitimately registered person who is expected to enter the building (S10). Therefore, the facility management server 20 generates a unique identification ID associated with the attribute information (telephone number) for the mobile terminal 70 (S11), and transmits the generated unique identification ID to the mobile terminal 70 (S12). ). Accordingly, the mobile terminal 70 acquires the unique identification ID (S13).

  In the communication terminal device 60, the facility manager M2 inputs an entry schedule information (see FIG. 8) (S4). The communication terminal device 60 transmits the entry schedule information input by the facility manager M2 to the facility management server 20 via the Internet 40 (S15). When the facility management server 20 acquires the entry schedule information from the communication terminal device 60, it writes the entry schedule information in the memory 58 to register the entry schedule information (S16).

  Referring to FIG. 13, when the planned entrance person V1 visits the entrance of the facility FA on the day of the planned entrance day, he/she operates his/her mobile terminal 70 to activate the entrance application (S17).

  The transmitter 80 installed near the entrance of the facility FA transmits an optical ID signal unique to the facility FA (S18). When the person V1 who intends to enter the building turns the mobile terminal 70 toward the transmitter 80, the mobile terminal 70 receives the optical ID signal transmitted by the transmitter 80 using the camera 82 (S19).

  Upon receiving the optical ID signal, the mobile terminal 70 extracts the optical ID data included in the optical ID signal, and transmits the extracted optical ID data to the system management server 10 via the mobile communication network 75 and the Internet 40. Yes (S20). The system management server 10 identifies the facility (facility ID) visited by the prospective person V1 by comparing the optical ID data received from the mobile terminal 70 with the facility information (see FIG. 6) stored in the memory 58. (S21). The system management server 10 transmits the facility ID of the identified facility FA to the mobile terminal 70 via the Internet 40 and the mobile communication network 75 (S22).

  Upon receiving the facility ID of the facility FA from the system management server 10, the mobile terminal 70 transmits the facility ID and the unique identification ID to the facility management server 20 via the mobile communication network 75 and the Internet 40 (S23). ).

  When the facility management server 20 acquires the unique identification ID of the mobile terminal 70 and the facility ID of the facility FA, the facility management server 20 determines that the prospective person V1 will enter the facility FA according to the facility entry information (see FIG. 8) stored in the memory 58. Determine if you plan to enter. When it is determined that the person V1 who is planning to enter the building is scheduled to enter the facility FA on the day (S24), the facility management server 20 issues an admission certificate (QR code) to the mobile terminal 70 of the person V1 who is planning to enter ( S25).

  The facility management server 20 transmits the admission certificate to the mobile terminal 70 (S26). The mobile terminal 70 displays the received admission certificate on the touch screen 76 (S27).

  When entering the facility FA, the prospective person V1 holds the entrance certificate displayed on the touch screen 76 of the mobile terminal 70 over the reader 65 installed at the entrance of the facility FA. The reader 65 reads the entrance certificate displayed on the touch screen 76, decodes the read entrance certificate, and outputs it to the communication terminal device 60 (S29). The communication terminal device 60 transmits the output signal of the reader 65 to the facility management server 20.

  The facility management server 20 controls the security gate 67 to be in the open state when the unique identification ID included in the output signal of the reader 65 is valid. As a result, the prospective person V1 can pass through the security gate 67. The facility management server 20 further registers, in the memory 58, information indicating the time when the prospective person V1 actually entered the facility FA (S30). After that, the facility management server 20 manages the record of entry/exit of the prospective entry person V1 to/from the facility FA based on the output signal of the reader 65.

(Processing flow)
FIG. 14 is a flowchart for explaining the process executed in the facility management server 20.

  Referring to FIG. 14, first, in step S40, the facility management server 20 communicates with the communication terminal device 60 via the Internet 40, so that the facility management server 20 inputs the visitor information (see FIG. 7). ) To get. The facility management server 20 writes the acquired visitor information in the memory 58 to register the visitor information.

  Next, the facility management server 20 determines whether the attribute information (telephone number) of the mobile terminal 70 is received in step S41. When the attribute information of the mobile terminal 70 is not received (NO determination in S41), the facility management server 20 ends the process.

  On the other hand, when the attribute information of the mobile terminal 70 is received (when YES is determined in S41), the facility management server 20 proceeds to step S42 and uses SMS to transmit the authentication code to the received telephone number. As a result, the portable terminal 70 of the prospective person is authenticated. When the mobile terminal 70 is authenticated, the facility management server 20 refers to the visitor information stored in the memory 58 to include the attribute information (telephone number) of the received mobile terminal 70 in the visitor information. Is determined.

  If the attribute information of the mobile terminal 70 is included in the visitor information in step S42 (when YES is determined in S42), the facility management server 20 is a person who is a person who is expected to enter the building, in which the owner of the mobile terminal 70 has been officially registered. To determine. In this case, the facility management server 20 generates the unique identification ID associated with the attribute information (telephone number) for the mobile terminal 70 in step S43, and gives the created unique identification ID to the mobile terminal 70. .. Thereby, the mobile terminal 70 acquires the unique identification ID.

  Next, the facility management server 20 acquires the entry schedule information (see FIG. 8) input by the facility manager M2 by communicating with the communication terminal device 60 via the Internet 40 in step S44. The facility management server 20 registers the entry schedule information by writing the obtained entry schedule information in the memory 58.

  Next, the facility management server 20 determines whether the facility ID and the unique identification ID of the mobile terminal 70 have been received from the mobile terminal 70 in step S45. When the facility ID and the unique identification ID are received (when YES is determined in S45), the facility management server 20 proceeds to step S46, and the prospective person enters the facility in light of the planned entrance information stored in the memory 58. It is determined whether there is a plan to do.

  When it is determined that the person planning to enter the facility plans to enter the facility on the day (when YES is determined in S48), the facility management server 20 proceeds to step S47 and advances the admission certificate (QR to the portable terminal 70 of the person planning to enter the facility). Issue code). The facility management server 20 transmits the admission certificate to the mobile terminal 70.

  On the other hand, when it is determined that the person planning to enter the facility does not plan to enter the facility on the day (NO in S48), the facility management server 20 proceeds to step S51 and transmits an error message to the portable terminal 70 of the person planning to enter the facility. To do.

  After issuing the admission certificate in step S47, the facility management server 20 sets the valid period of the admission certificate based on the scheduled admission date and time of the prospective admission person in step S48. The facility management server 20 determines whether or not the admission certificate is within the valid period in step S49. If the admission certificate is within the valid period, the process ends. On the other hand, if the admission certificate has passed the valid period (when NO is determined in S49), the facility management server 20 invalidates the admission certificate in step S50. Further, the facility management server 20 transmits an error message to the mobile terminal 70 in step S51.

  Note that steps S40 to S44 in the flowchart of FIG. 14 correspond to the initial setting process of registering the information necessary for performing personal authentication. On the other hand, steps S45 to S51 correspond to the personal authentication process, and are executed each time a prospective person enters the facility.

  FIG. 15 is a flowchart for explaining the process executed by the mobile terminal 70. The process illustrated in FIG. 15 is a process executed by installing the entrance application on the mobile terminal 70.

  Referring to FIG. 15, first, when the entrance application is installed (S60), mobile terminal 70 causes touch screen 76 to display the initial setting screen in step S61. In step S62, the mobile terminal 70 determines whether or not the attribute information (telephone number) of the mobile terminal 70 is input to this initial setting screen.

  When the attribute information of the mobile terminal 70 is input to the initial setting screen (at the time of YES determination in S62), the mobile terminal 70 proceeds to step S63 and transmits the input attribute information via the mobile communication network 75 and the Internet 40. And transmits it to the facility management server 20. When the authentication code is received from the facility management server 20 after transmitting the attribute information, the mobile terminal 70 displays the authentication code input screen on the touch screen 76. When the authentication code is input on this input screen, the mobile terminal 70 transmits the input authentication code to the facility management server 20.

  Next, the mobile terminal 70 determines whether the unique identification ID of the mobile terminal 70 is received from the facility management server 20 in step S64. When the unique identification ID is not received (NO determination in S64), the mobile terminal 70 proceeds to step S72 and displays the error message transmitted from the facility management server 20 on the touch screen 76.

  On the other hand, when the unique identification ID is received in step S64 (YES determination in S64), the mobile terminal 70 proceeds to step S65 and determines whether or not the entrance application is activated. If the entrance application is not activated (NO in S65), the mobile terminal 70 ends the process.

  When the entrance application is activated (when YES is determined in S65), the mobile terminal 70 subsequently determines in step S66 whether or not the optical ID signal is received from the transmitter 80. Upon receiving the optical ID signal from the transmitter 80 (at the time of YES determination in S66), the mobile terminal 70 proceeds to step S67 and transmits the optical ID data of the received optical ID signal via the mobile communication network 75 and the Internet 40. , To the system management server 10. If the optical ID signal is not received (NO at S66), the mobile terminal 70 ends the process.

  Next, in step S68, the mobile terminal 70 determines whether the facility ID is received from the system management server 10 via the Internet 40 and the mobile communication network 75. When the facility ID is received from the system management server 10 (when YES is determined in S68), the mobile terminal 70 proceeds to step S69 and sends the facility ID and the unique identification ID to the facility via the mobile communication network 75 and the Internet 40. It is transmitted to the management server 20. On the other hand, if the facility ID has not been received (NO in S68), the mobile terminal 70 proceeds to step S72 to display the error message transmitted from the facility management server 20 on the touch screen 76.

  Next, the mobile terminal 70 determines whether the entrance certificate (QR code) is issued by the facility management server 20 in step S70. If the admission certificate has been issued (YES at S70), the portable terminal 70 displays the issued admission certificate on the touch screen 76 in step S71. On the other hand, if the admission certificate has not been issued (NO in S70), the mobile terminal 70 proceeds to step S72 and displays the error message transmitted from the facility management server 20 on the touch screen 76.

  Note that steps S60 to S64 in the flowchart of FIG. 15 correspond to the initial setting process for acquiring the unique identification ID used for personal authentication. On the other hand, steps S65 to S72 correspond to the personal authentication process, and are executed each time a prospective person enters the facility.

  As described above, according to the authentication system 100 according to the present embodiment, the portable terminal 70 owned by the person who is going to enter the facility on the day of the scheduled entry date, and the server device (the system management server 10 and the facility management). By communicating with the server 20), the person who is going to enter the building is authenticated, and the building certificate is issued to the mobile terminal 70. That is, the admission certificate is issued only when the prospective admission person visits the facility on the day of the admission date. According to this, compared to the mechanism of issuing an admission certificate before the scheduled admission date, it is possible to avoid unauthorized use in which the admission certificate is illegally copied and distributed to third parties other than the planned admission. it can.

  Further, in the authentication system 100 according to the present embodiment, when the attribute information (for example, telephone number) of the portable terminal 70 of the person who is going to enter the building is registered in the server device (facility management server 20), the server device is associated with this attribute information. Is generated to generate a unique identification ID, and the generated unique identification ID is given to the mobile terminal 70. According to this, the prospective admission person is authenticated using the unique identification ID uniquely generated by the server device regardless of the personal information of the prospective admission person. No need to register personal information such as address and address. Therefore, for example, it is possible to reduce the risk that such personal information is leaked from the server device due to unauthorized access to the server device.

  Furthermore, the unique identification ID given to the mobile terminal 70 is merely exchanged between the server device and the mobile terminal 70, and even a person who plans to operate the mobile terminal 70 cannot see the unique identification ID. .. Therefore, even the person who is planning to enter the building cannot access the server device from a mobile terminal other than the mobile terminal registered in the server device. Therefore, illegal use of the unique identification ID can be suppressed.

  As a result, according to the authentication system 100 according to the present embodiment, it is possible to enhance the security for entering the facility and accessing the server device.

  Furthermore, according to the authentication system 100 according to the present embodiment, a person who plans to enter the facility on the day of the scheduled entry day can activate the admission application installed in the mobile terminal 70 to activate the mobile terminal 70 and the server device. Personal data is automatically authenticated by exchanging data with. Therefore, a person who is expected to enter the building is not required to perform an operation for personal authentication, so that the convenience of the person who is expected to enter the building can be improved.

  Further, in the server device, it is possible to set the valid period of the admission certificate based on the scheduled entry date and time of the prospective person, and to change the set valid period. According to this, it is possible to improve the operability of the administrator who manages the entrance and exit of the facility.

  Further, in authentication system 100 according to the present embodiment, transmitter 80 that transmits an ID signal unique to a facility employs an optical ID transmitter that transmits an optical ID signal. It is not necessary to install a communication network in the facility for communicatively connecting and. Therefore, the operating cost of the authentication system can be reduced.

<Other configuration examples>
Another configuration example of authentication system 100 according to the present embodiment will be described. Here, a changeable portion of the configuration of authentication system 100 according to the above-described embodiment will be described.

(A) Concept of Facility In the above-described embodiment, the processing for authenticating the person who enters the facility has been described. However, the authentication system of the present invention is the authentication of the person who enters each section of the facility. Can also be applied to. Specifically, a transmitter 80 that transmits a unique ID signal is installed for each section, and the section is specified from the ID signal received by the mobile terminal 70. Then, when it is determined that there is a plan to enter the specified section, the entrance certificate to the section is issued to the mobile terminal 70. According to this, it is possible to further strengthen the security for entering and leaving the facility.

(B) Regarding Attribute Information of Mobile Terminal In the above-described embodiment, the configuration in which the telephone number of the mobile terminal 70 is used as the attribute information of the mobile terminal 70 used to generate the unique identification ID has been described. Is any information that can identify the mobile terminal, and for example, the mail address of the mobile terminal 70 can also be used. Even in this case, the server device authenticates the portable terminal 70 of the person who is going to enter the building by sending the authentication code to the mail address, and gives the authenticated portable terminal 70 a unique identification ID. You can However, since the telephone number is unique to each mobile terminal and cannot be shared by multiple mobile terminals, the unique identification ID is given only to the mobile terminal with the telephone number registered in the visitor information, There is an advantage that the unique identification ID can be prevented from being diverted by other mobile terminals.

(C) Regarding ID Signal Providing Device (C-1) In the above-described embodiment, the transmitter 80 that transmits the ID signal is illustrated as the “providing device” that provides the ID signal unique to the facility. The transmitter 80 is installed in each facility and is configured to transmit an ID signal unique to the corresponding facility. Therefore, the transmitter 80 is not limited to an optical ID transmitter that transmits an optical ID signal, and is configured to enable near field communication (NFC) as shown in FIG. 16, for example. It is also possible to use a transmitter 80.

  In the example of FIG. 16, the mobile terminal 70 is an NFC-compatible smartphone. The person V1 who has planned to enter the facility FA activates the entrance application and brings the mobile terminal 70 closer to the transmitter 80, so that communication can be started between the mobile terminal 70 and the transmitter 80. When the mobile terminal 70 receives the ID signal from the transmitter 80, the mobile terminal 70 extracts the ID data included in the received ID signal, and transmits the extracted ID data to the system management server 10 via the mobile communication network 75 and the Internet 40. Send.

  (C-2) Although the transmitter 80 that transmits the ID signal unique to the facility is illustrated as the “providing device” in the above-described embodiment, a display device that displays the ID signal is applied instead of the transmitter 80. It is also possible to do so.

  Specifically, as shown in FIG. 17, the display device 80A is installed near the entrance of each facility and is configured to display an ID signal unique to the corresponding facility. The ID signal displayed by the display device 80A can be composed of, for example, a QR code, a specific character string (password), or a specific image. The display device 80A corresponds to an example of “providing device”.

  When the ID signal is a QR code and the person V1 who plans to enter the building activates the entry application, the camera of the mobile terminal 70 is activated. The mobile terminal 70 can read the QR code by the person V1 planning to enter the mobile terminal 70 toward the display device 80A by the camera. When the mobile terminal 70 reads the QR code, it extracts the ID data included in the QR code and transmits the extracted ID data to the system management server 10 via the mobile communication network 75 and the Internet 40.

  If the ID signal is a password and the prospective entrance V1 activates the entrance application, a character input screen for receiving the input of the character string is displayed on the touch screen of the mobile terminal 70. The person V1 who intends to enter the building inputs a specific character string displayed on the display device 80A from the character input screen. Upon receiving the input of the character string, the mobile terminal 70 extracts the ID data included in the character string and transmits the extracted ID data to the system management server 10 via the mobile communication network 75 and the Internet 40.

  In the case where the ID signal is composed of specific characters and/or images, when the prospective entrance V1 activates the entrance application, the camera of the mobile terminal 70 is activated. The mobile terminal 70 can acquire the information of specific characters and/or images by the person V1 planning to enter the mobile terminal 70 toward the display device 80A with a camera. The mobile terminal 70 transmits the acquired information of specific characters and/or images as ID data to the system management server 10 via the mobile communication network 75 and the Internet 40.

  In the configuration examples shown in FIGS. 16 and 17, the QR code, the password, the image, etc. are of a so-called one-time type whose contents are changed every certain time and can be used only once. You may comprise. According to this, it is possible to prevent the ID signal from being illegally copied and misused.

  (C-3) In the above-described embodiment and the configuration examples shown in FIGS. 16 and 17, the transmitter 80 or the display device 80A installed in the facility is shown as the “providing device”. According to this, the prospective admission person V1 can obtain the ID signal for the first time when he visits the facility on the day of the scheduled admission date, and can be authenticated by the facility management server 20.

  As described above, the "providing device" is only required to be able to provide an ID signal unique to the facility when the prospective person V1 visits the facility. Therefore, for example, as shown in FIG. 18, a GPS (Global Positioning System) function may be used to provide the ID signal to the prospective entrance V1 who has visited the facility. The GPS function is a function of communicating with a GPS satellite and acquiring information (hereinafter, also referred to as position information) on the position (position based on latitude, longitude, altitude, etc.) of the mobile terminal.

  In the example of FIG. 18, when the prospective entrance V1 who has visited the facility FA activates the entrance application, the mobile terminal 70 receives the position information indicating the position of the own device from the GPS satellite 80B. The position information of the facility FA is included in the position information received by the mobile terminal 70. Therefore, the position information received from the GPS satellite 80B can be an ID signal unique to the facility FA. The mobile terminal 70 transmits the received position information as ID data to the system management server 10 via the mobile communication network 75 and the Internet 40.

  In the configuration examples illustrated in FIGS. 16 to 18, the system management server 10 compares the ID data received from the mobile terminal 70 with the facility information stored in the memory, and confirms that the prospective person V1 visits the facility (facility). ID) is specified. Then, the system management server 10 transmits the facility ID of the identified facility FA to the mobile terminal 70 via the Internet 40 and the mobile communication network 75.

  Upon receiving the facility ID from the system management server 10, the mobile terminal 70 transmits the facility ID and the unique identification ID to the facility management server 20 via the mobile communication network 75 and the Internet 40. When the facility management server 20 acquires the unique identification ID of the mobile terminal 70 and the facility ID of the facility FA, the prospective admission person V1 plans to enter the facility FA in light of the admission schedule information stored in the memory 58. Determine if there is. When it is determined that the prospective person V1 is planning to enter the facility FA on the day, the facility management server 20 issues an admission certificate (QR code) to the portable terminal 70 of the prospective person V1. The mobile terminal 70 displays the admission certificate received from the facility management server 20 on the touch screen.

  The embodiments disclosed this time are to be considered as illustrative in all points and not restrictive. The scope of the present invention is shown not by the above description but by the claims, and is intended to include meanings equivalent to the claims and all modifications within the scope.

  10 server device (system management server), 20 server device (facility management server), 30 server device (application management server), 40 Internet, 50, 60 communication terminal device, 52 display unit, 58, 84 memory, 54, 74 CPU , 56, 88 communication I/F, 62 ROM, 64 RAM, 65 reader, 66 HDD, 72 memory I/F, 73 memory card, 67 security gate, 70 mobile terminal, 75 mobile communication network, 76 touch screen, 76a Display, 76b touch panel, 78 speaker, 80 transmitter, 80A display device, 80B GPS satellite, 82 camera, 86 button, 100 authentication system, C1 admission certificate, M1 system administrator, M2 facility administrator, V1 prospective person, FA Facility, App1 admission application.

Claims (10)

An authentication system that authenticates the person who is planning to enter the facility,
A server device that communicates with a portable terminal owned by the prospective person via a network;
A communication terminal device that is communicatively connected to the server device via the network;
A providing device installed in the facility for providing an ID signal unique to the facility;
The mobile terminal is configured to be able to acquire the ID signal in a designated area in which the providing device of the facility is installed,
The server device has a storage unit for storing facility information, visitor information, and entry schedule information transmitted from the communication terminal device,
The facility information is information in which the identification information of the facility and the ID signal are associated with each other,
The visitor information is attribute information of the mobile terminal,
The planned entrance information is information in which the planned date and time when the prospective person enters the facility and the unique identifier of the mobile terminal are associated with each other,
The server device is configured to give the unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time,
When the person planning to enter the facility visits the facility, the server device
By communicating with the portable terminal, the ID signal acquired by the portable terminal from the providing device is compared with the facility information to identify the facility,
By comparing the unique identifiers of the identified facility and the mobile terminal with the admission schedule information, it is determined whether the prospective admission person plans to enter the facility,
An authentication system that issues an admission certificate to the mobile terminal when it is determined that the prospective admission person plans to enter the facility.   The server device sets a valid period of the admission certificate based on the admission schedule information, and invalidates the admission certificate held by the mobile terminal when the valid period expires. Authentication system. The providing device includes a transmitter that transmits the ID signal,
The transmitter transmits an optical ID signal unique to the facility,
The mobile terminal has an image capturing unit, receives the optical ID signal by capturing the optical ID signal with the image capturing unit,
The authentication system according to claim 1, wherein the server device identifies the facility by illuminating the optical ID signal received by the mobile terminal with the facility information. The providing device includes a display device for displaying the ID signal,
The mobile terminal is configured to be able to receive an input of the ID signal displayed on the display device,
The authentication system according to claim 1, wherein the server device specifies the facility by illuminating the facility signal with the ID signal received by the mobile terminal. An authentication system that authenticates the person who is planning to enter the facility,
A server device that communicates with a portable terminal owned by the prospective person via a network;
A communication terminal device communicatively connected to the server device via the network,
The mobile terminal is configured to be able to acquire an ID signal unique to the facility within a designated area of the facility,
The server device has a storage unit for storing facility information, visitor information, and entry schedule information transmitted from the communication terminal device,
The facility information is information in which the identification information of the facility and the ID signal are associated with each other,
The visitor information is attribute information of the mobile terminal,
The planned entrance information is information in which the planned date and time when the prospective person enters the facility and the unique identifier of the mobile terminal are associated with each other,
The server device is configured to give the unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time,
When the person planning to enter the facility visits the facility, the server device
By communicating with the mobile terminal, the ID signal acquired by the mobile terminal is compared with the facility information to identify the facility,
In light of the unique identifiers of the facility and the mobile terminal that have been identified, it is determined whether or not the prospective person is planning to enter the facility,
An authentication system that issues an admission certificate to the portable terminal when it is determined that the prospective admission person plans to enter the facility. In an authentication system for authenticating a person who is expected to enter the facility, a server device that communicates via a network with a mobile terminal owned by the person who is expected to enter the facility and a communication terminal device operated by the administrator of the facility. hand,
The mobile terminal is configured to be able to acquire an ID signal unique to the facility within a designated area of the facility,
The server device is
A storage unit for storing facility information, visitor information, and admission schedule information transmitted from the communication terminal device,
A control unit configured to control the operation of the server device,
The facility information is information in which the identification information of the facility and the ID signal are associated with each other,
The visitor information is attribute information of the mobile terminal,
The planned entrance information is information in which the planned date and time when the prospective person enters the facility and the unique identifier of the mobile terminal are associated with each other,
The control unit is configured to give the unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time,
When the person planning to enter the facility visits the facility, the control unit
By communicating with the mobile terminal, the ID signal acquired by the mobile terminal is compared with the facility information to identify the facility,
By comparing the unique identifiers of the identified facility and the mobile terminal with the admission schedule information, it is determined whether the prospective admission person plans to enter the facility,
A server device that issues an admission certificate to the mobile terminal when it is determined that the prospective admission person plans to enter the facility.   The control unit sets an effective period of the admission certificate based on the admission schedule information, and invalidates the admission certificate held by the mobile terminal when the effective period has expired. Server device. In an authentication system for authenticating a person who is expected to enter the facility, an authentication program executed by a processor of a server device that communicates with a portable terminal owned by the person who is expected to enter through a network,
The mobile terminal is configured to be able to acquire an ID signal unique to the facility within a designated area of the facility,
Comprising a step of storing facility information, visitor information, and entry schedule information transmitted from a communication terminal device connected to the network and operated by a manager of the facility,
The facility information is information in which the identification information of the facility and the ID signal are associated with each other,
The visitor information is attribute information of the mobile terminal,
The planned entrance information is information in which the planned date and time when the prospective person enters the facility and the unique identifier of the mobile terminal are associated with each other,
A step of giving the unique identifier to the mobile terminal registered in the visitor information by communicating with the mobile terminal before the scheduled date and time;
A step of identifying the facility by comparing the ID signal acquired by the mobile terminal with the facility information by communicating with the mobile terminal when the prospective person visits the facility;
A step of judging whether or not the prospective admission person plans to enter the facility by comparing the specified facility and the unique identifier of the mobile terminal with the admission schedule information;
An authentication program, comprising the step of issuing an admission certificate to the mobile terminal when it is determined that the prospective admission person plans to enter the facility.   9. The method according to claim 8, further comprising the step of setting a valid period of the admission certificate based on the admission schedule information, and invalidating the admission certificate held by the mobile terminal when the valid period has expired. Certification program. In an authentication system for authenticating a person who is expected to enter the facility, an authentication program to be executed by a processor of a portable terminal owned by the person who is expected to enter,
The mobile terminal is communicatively connected to a server device via a network,
A step of transmitting attribute information of the mobile terminal to the server device and receiving a unique identifier corresponding to the attribute information from the server device before the scheduled date and time when the prospective person enters the facility;
A step of acquiring an ID signal unique to the facility in a designated area of the facility when the prospective person visits the facility;
Transmitting the obtained ID signal and the unique identifier to the server device;
And a step of receiving an admission certificate issued by the server device when the prospective admission person plans to enter the facility.

Images