JP6968337B2 - Security system of vault - Google Patents

Description

The present invention relates to a storage such as a stamp box for storing a seal or the like and a security system for safely managing such a storage.

In the management department of the company, important seals such as company seals, representative seals, registered seals, bank registration seals, etc. used for settlement and contracts in transactions are strictly stored in a keyed storage box generally called a seal box. It is stored in. Such storage is usually unlocked with a single master key. However, due to the approval of company operations, seals are often used by multiple departments such as accounting, legal affairs, and personnel, and it is inconvenient to manage with only one master key. On the other hand, if the person in charge of each department has a key that duplicates the master key, the risk of loss or unauthorized use of the key increases, which is not preferable in terms of security.

Conventionally, as a measure to prevent unauthorized unlocking by a third party in the storage, for example, the key information to be unlocked is digitized, and the ID, password, etc. from the mobile phone owned by the user having access authority are used. There is a technique such as transmitting key information and controlling an electric lock device based on the key information (see, for example, Patent Documents 1 to 3). However, even if the key information is simply digitized, the risk of stealing from the screen of a mobile phone or the like or intercepting an ID or password by a virus such as malware or spyware cannot be completely eliminated. Therefore, if the electric lock device is controlled only by a one-sided unlock request signal, it cannot be determined whether the key information is legitimate or stolen, and it cannot be said that the security is perfect.

Japanese Unexamined Patent Publication No. 2001-193324 Japanese Unexamined Patent Publication No. 2004-308242 Japanese Unexamined Patent Publication No. 2007-068138

An object of the present invention is to provide a security technique for improving safety as compared with the conventional case by monitoring access to a storage by an external management device in a storage provided with an electric locking means. There is.

In order to solve the above-mentioned problems, the present invention is a storage including an electric locking means that operates based on a signal from a user's terminal device, and at least an event related to an unlocking operation requested from the terminal device. It is equipped with an event information transmission means that can transmit information to the outside.

The present invention also relates to a security system in which a storage and an external management device are communicably connected via a network, and the management device relates to a database and an unlocking operation received from the storage. It is provided with an unlocking history registration means for registering event information as unlocking history information in the database.

Further, in the security system having the above configuration, the management device provides an action pattern verification means for verifying whether or not the unlock request by the user matches the unlocking action pattern indicated by the unlocking history information registered in the database. Further, it is preferable to have it.

Further, in the security system having the above configuration, it is preferable that the management device further includes an alert transmission means for transmitting an alert when it is determined that the unlocking request does not match the unlocking behavior pattern.

Further, in the security system having the above configuration, when the management device determines that the unlocking request does not match the unlocking behavior pattern, a re-authentication requesting means for requesting another authentication process from the terminal device of the user is provided. Further, it is preferable to have it.

According to the present invention, the safety of the storage can be improved by constantly monitoring the access to the storage by the management device.

It is a conceptual diagram which shows the security system of the stamp box by one Embodiment of this invention. It is a block diagram of the control circuit provided in the stamp box. It is a figure which shows typically the structure of the electric locking means provided in the stamp box. It is a figure for demonstrating the operation of the electric locking means. It is a figure for further explaining the operation of the electric locking means. It is a figure for further explaining the operation of the electric locking means. It is a flowchart for demonstrating the operation of the security system regarding the unlocking of a stamp box. It is a figure which exemplifies the contents of the log data recorded in a database. This is an example of a histogram in which behavior patterns are analyzed based on the unlocking history of a user.

Hereinafter, the storage according to the present invention and the security system for safely managing the storage will be described in detail with reference to the drawings. FIG. 1 is a conceptual diagram showing a security system according to an embodiment of the present invention. Here, a stamp box 10 will be described as an example of a storage, and an application server (hereinafter, simply referred to as “server”) 30 which is a so-called cloud computer existing on the Internet as an external management device will be described as an example.

The seal box 10, which is an example of the storage, is a box with a key for storing a seal such as a company seal or a representative's seal, and together with a mechanical locking means for locking / unlocking with a predetermined key. The electric locking means 20 that operates based on a signal received from the outside is provided. The electric locking means 20 is configured to be able to lock the opening / closing lid of the stamp box 10 based on a request signal transmitted by a mobile terminal device (hereinafter, simply referred to as “terminal”) 50 such as a smartphone owned by the user.

FIG. 2 is a block diagram of a control circuit that controls the electric locking means 20 in the stamp box 10. As shown in the figure, this control circuit includes a microcomputer 11, an operation switch 12 electrically connected to the microcomputer 11, a wireless LAN control unit 13, a short-range wireless communication control unit 14, and a lid opening / closing sensor 15. , The lift sensor 16 and the like are provided. The stamp box 10 of the present embodiment is driven by a battery 18, and this control circuit includes a power supply circuit 17 for obtaining a predetermined driving power from the battery 18.

The microcomputer 11 is a small computer in which a CPU, ROM, RAM, I / O, etc. are connected by an internal bus in one package. When the CPU executes arithmetic processing according to a program code stored in advance in the ROM of the microcomputer 11, system control of the stamp box 10, hardware operation control including the electric locking means 20, and information communication means described later are realized. NS.

The operation switch 12 is composed of, for example, a mechanical push button switch or a touch type panel switch provided on the operation panel of the stamp box 10. By receiving the switch signal from the operation switch 12, the microcomputer 11 is configured to recognize the operation performed on the operation switch 12.

The wireless LAN control unit 13 is a communication control circuit for connecting the stamp box 10 (specifically, the microcomputer 11) to the server 30 on the cloud via the Internet so as to be communicable. Further, the wireless LAN control unit 13 includes a Wi-Fi router (not shown), that is, a wireless LAN adapter for connecting to an Internet access point.

The short-range wireless communication control unit 14 is a circuit for performing simple information communication such as a password with a terminal 50 at a relatively short distance by, for example, Bluetooth (registered trademark). For example, Class 2 mounted on a general smartphone can perform mutual wireless communication within a range of up to 10 meters or less. In addition, in order to prevent mutual interference (interference) with a wireless LAN that uses the 2.4 GHz band in the ISM (Industry Science Medical) band, TYPE-A / B or FeliCa (registered) is used for communication between the stamp box 10 and the terminal 50. Near field type non-contact communication (NFC: Near Field Communication) such as (trademark) may be adopted.

The lid open / close sensor 15 is a sensor for detecting the open / closed state of the open / close lid, and various microswitches such as mechanical contact switches or various non-contact sensors such as optical sensors can be adopted. The lid opening / closing sensor 15 is provided in, for example, the locking portion of the stamp box 10, and when it is detected that the opening / closing lid is securely closed in the stamp box body, the lid opening / closing sensor 15 outputs an active closing signal to the microcomputer 11. It is preferable to configure it in. As a result, the microcomputer 11 can surely recognize whether the opening / closing lid is in the open state or the half-opened state, or whether the opening / closing lid is properly closed.

The lifting sensor 16 is, for example, a micro switch provided at the bottom of the box body of the stamp box 10, and is adapted to output an abnormal signal to the microcomputer 11 in response to the stamp box 10 when the stamp box 10 is lifted. Further, the built-in acceleration sensor may be used to detect the vibration or impact of the stamp box 10 and output an abnormal signal.

Further, the control circuit of the stamp box 20 is configured so that the microcomputer 11 turns on the switching element 22 to supply the drive current from the power supply circuit 17 to the solenoid 21.

FIG. 3 schematically shows the configuration of the electric locking means 20 provided in the stamp box 10. The electric locking means 20 according to the present embodiment includes a rotating plate 23, a plate hook 24, a lid hook 25, a spring 26, and a solenoid 21. The rotating plate 23 is rotatably attached to the box body of the stamp box 10 via the shaft pin 23a. A plate hook 24 is fixed to the tip of the rotating plate 23. The elastic contraction force of the spring 26 rotates toward the locked position where the plate hook 24 and the lid hook 25 can be engaged (clockwise in FIG. 3) so that a rotational moment is always generated in the rotating plate 23. It acts on the edge of the plate 23. Further, the solenoid 21 attracts the magnetic portion 23b of the rotating plate 23 at the time of excitation, and directs the rotating plate 23 to the unlocking position against the elastic contraction force of the spring 26 (counterclockwise in FIG. 3). ) It is placed in a rotatable position.

When the solenoid 21 is not excited, only the elastic contraction force of the spring 26 acts on the rotating plate 23 as shown in FIG. 3, and the rotating plate 23 is placed at the locked position where the plate hook 24 engages with the lid hook 25. Be retained. When the opening / closing lid is to be opened in this state, the lid hook 25 engages with the plate hook 24, and a clockwise moment is generated in the rotating plate 23. Therefore, the locked state of the opening / closing lid is maintained by engaging the lid hook 25 and the plate hook 24.

On the other hand, when a drive current is supplied to the solenoid 21 and excited, the magnetic portion 23b is attracted to the solenoid 21 and the rotating plate 23 rotates counterclockwise as shown in FIG. As a result, the lid hook 25 and the plate hook 24 are disengaged and the opening / closing lid is unlocked.

It is preferable that the stamp box 10 according to the present embodiment is automatically locked when the opening / closing lid is closed on the box body. For example, as shown in FIGS. 5A and 5B, the lid hook 25 expands the tip of the rotating plate 23 in conjunction with the closing operation of the opening / closing lid, and the lid hook 25 is attached to the plate hook 24 fixed to the tip. It can be configured to engage.

In the stamp box 10 according to the present embodiment, in order to realize monitoring and management by the server 30 on the cloud, information on the event generated in the stamp box 10 (this is referred to as "event information") is transmitted via the Internet. The event information transmission means for transmitting to the server 30 is provided. Examples of events that occur in the stamp box 10 include a pairing event indicating success of pairing with the terminal 50, an unlock permission request event requesting unlock permission for the stamp box 10, and user authentication being rejected. There are an authentication refusal event indicating, an unlocking completion event indicating that unlocking is completed normally, a lid opening / closing event detected by the lid opening / closing sensor 15, an abnormal event detected by the lifting sensor 16, and the like.

In the present embodiment, the signal such as event information transmitted from the stamp box 10 to the server 30 and the signal such as a command transmitted from the server 30 to the stamp box 10 are, for example, HTTP (Hypertext Transfer Protocol). Transferred according to the WEB server-client communication protocol.

Next, an operation example of the security system according to the present embodiment, which is constructed so that the server 30 on the cloud monitors the stamp box 10 having the above configuration, will be described. In the following operation description, at least an ID (hereinafter, simply referred to as “user ID”) and a password for identifying a user who has access authority to the target stamp box 10 are registered in the database 31 in advance. It is assumed that it has been done.

Here, the "user having access authority" is a user (registered user) who is at least permitted to unlock a certain stamp box 10 and is registered in the user list table 32 of the database 31. ).
The user ID registered in the user list table 32 is account information assigned to each access right, and instead / or in addition, individual information transmitted by the terminal 50 owned by the user (license information of a dedicated application or a terminal). It may be (including 50 MAC addresses and the like).
The password registered in the user list table 32 may be one or a plurality. Further, a special password (this is referred to as a "master password") in which the access right to the stamp box 10 is not particularly restricted may be registered in the user list table 32.

Further, the box list table 33 and the log data 34 are stored in the database 31.
In the box list table 33, individual information of a plurality of stamp boxes 10, 10, ... Managed by the server 30 is recorded in association with registered user information and event log information related to each stamp box 10.
The "registered user information" recorded in the box list table 33 may be, for example, a reference address of the user list table 32 associated with the target stamp box.
The "event log information" may be, for example, a reference address of log data 34 indicating an access history for each registered user.

That is, the server 30 can identify all the users registered in the target stamp box 10 by referring to the user list table 32 from the box list table 33. Further, by referring to the log data 34 from the user list table 32, the server 30 can grasp the access (behavior) history in which the specified user has unlocked the stamp box 10 in the past. The server 30 can analyze the behavior pattern such as unlocking performed by the user with reference to the data in the database 31 as described later.

Here, FIG. 6 is a flowchart for explaining each cooperation operation in the terminal 50, the stamp box 10, and the server 30 regarding the unlocking of the stamp box 10 by the registered user.

When the user unlocks the stamp box 10, first, a dedicated application pre-installed on the terminal 50 is activated (step S51). Further, if the stamp box 10 is not activated, the user may manually turn on the activation switch (step S11). The microcomputer 11 of the stamp box 10 starts the transmission of the advertisement packet by Bluetooth (registered trademark) in the initialization process at the time of startup (step S12).

The application launched on the terminal 50 searches for a nearby Bluetooth® device (step S52). Then, when the terminal 55 detects the stamp box 10, a link key is exchanged between the terminal 50 and the stamp box 10, and pairing is executed (steps S53 and S13). Along with this pairing process, the terminal 50 may transmit the user ID information to the stamp box 10.

The user clicks, for example, the unlock button on the application screen of the terminal 50 (step S54), and then inputs the password (step S55). The terminal 50 generates an unlock request signal including the entered password as information and transmits it to the stamp box 10 via Bluetooth (registered trademark) (step S56).

The microcomputer 11 of the stamp box 10 collates the user ID with the password included in the received unlock request, and authenticates that the user has a legitimate access authority (step S14). Then, the microcomputer 11 (event information transmitting means) requests unlocking permission by transmitting the unlocking permission request event information including the user ID as information to the server 30 via the Internet (step S15). ..

Although not shown in the flow of FIG. 6, when the microcomputer 11 of the stamp box 10 determines that the user ID and the password are not legitimately associated with each other, the microcomputer 11 of the stamp box 10 rejects the authentication of the user. be able to. In that case, the microcomputer 11 can transmit the authentication refusal event information to the server 30. At this time, the microcomputer 11 can also send a signal to the terminal 50 requesting the user to re-enter the password.

When the server 30 (unlocking history registration means) receives the unlocking permission request event information from the stamp box 10, the server 30 registers the event in the log data 34 of the database 31 (step S31). Here, FIG. 7 illustrates the contents of the log data 34 recorded in the database 31 for a certain user.

The server 30 (behavior pattern verification means) verifies whether or not the unlocking request by the authenticated user matches the past unlocking behavior pattern indicated by the log data 34 (step S32). Thereby, it can be determined whether or not the unlocking request by the user is normal in light of the past unlocking behavior pattern. An example of the verification process and the judgment criteria of the unlocking behavior pattern will be described below.

As described above, in the log data 34 of the registered user, for example, event information (unlocking permission request, unlocking permission, unlocking completion, etc.) related to the past unlocking behavior shown in FIG. 7 is recorded. There is. Based on this log data 34, the behavior pattern verification means of the server 30 is divided into predetermined time zones on each day of the week, for example, as shown in FIG. 8, and is a histogram of the behavior performance in which the user unlocks the stamp box 10. Can perform analysis.

According to the histogram analysis of the unlocking behavior as exemplified in FIG. 8, the probability that a registered user unlocks the stamp box 10 at each time zone of each day of the week (this is referred to as “unlocking behavior” in the present specification. "Probability") can be easily calculated. The behavior pattern verification means can quantify and evaluate the tendency of the unlocking behavior pattern of the user with this unlocking behavior probability. In this case, the parameter for calculating the unlocking action probability may be the cumulative number of times the user has unlocked the stamp box 10 so far. Further, the population parameter may be the number of times the lock is unlocked in a predetermined period (for example, the last 6 months). Further, the unlocking action probability may be calculated for each time zone related to the day of the week, or the unlocking action probability may be calculated for each day of the week regardless of the time zone.

For example, the behavior pattern verification means is used when the unlocking behavior probability of the user making the unlocking request of the stamp box 10 this time is a predetermined% (for example, 30%) or more in the time zone in which the request is made. The unlocking request by the above matches the past unlocking behavior pattern, and it can be determined that the behavior is normal. On the contrary, when the unlocking behavior probability is less than a predetermined percentage, the unlocking request by the user does not match the past unlocking behavior pattern, and it can be determined that the behavior is different from the usual one.

In addition, the frequency of unlocking in the past (number of unlocks) on each day of the week or each predetermined time zone obtained by this histogram analysis can be used to determine the unlocking behavior pattern of the user. In this case, the number of times of unlocking the determination target time zone or day of the week can be the cumulative number of times the user has unlocked the stamp box 10 up to the present time, or within a predetermined period (for example, the latest 6 months) retroactive from the present time. It may be the number of times the lock is unlocked.

For example, the behavior pattern verification means is performed by the user who makes the unlocking request of the stamp box 10 this time when the number of unlocking times in the time zone in which the request is made is a predetermined number of times (for example, the third time) or more. It can be determined that the unlocking request matches the past unlocking behavior pattern. On the contrary, when the unlocking behavior probability is less than a predetermined number of times, it can be determined that the unlocking request by the user does not match the past unlocking behavior pattern.

When the server 30 (unlocking permission means) determines that the unlocking request matches the past unlocking behavior pattern, the server 30 sends an unlocking permission command to the stamp box 10 (step S33). Then, the unlock permission event is registered in the log data 34 (step S34).

When the server 30 (alert transmitting means) determines that the unlocking request does not match the past unlocking behavior pattern, the server 30 transmits an alert by e-mail to the terminals of all users registered for the stamp box 10. Is preferable. As a result, it is possible to notify other users of the existence of the possibility that the stamp box 10 has been illegally accessed, and it is possible to prompt a prompt response before the fraudulent act is executed.

Further, when the server 30 (re-authentication requesting means) determines that the unlocking request does not match the past unlocking behavior pattern, the server 30 sends an e-mail requesting another authentication process to the terminal 50 of the user. You may.
Here, "requesting another authentication process" means that the user is requested to enter a password (second password or master password) different from the password initially entered, or authentication by another user is performed. Asking is an example. When such "another authentication" is obtained, the server 30 (unlocking permission means) can send the unlocking permission command to the stamp box 10 without verifying the unlocking behavior pattern. As a result, even if the unlocking request is not illegal, the authentication accuracy can be further improved without significantly impairing the user's convenience.

Upon receiving the unlock permission command from the server 30, the microcomputer 11 of the stamp box 10 supplies a drive current to the solenoid 21 to unlock the electric locking means 20 (step S16). Then, the microcomputer 11 (event information transmitting means) transmits the unlocking completion event information to the server 30 (step S17). When the server 30 (unlocking history registration means) receives the unlocking completion event information from the stamp box 10, the server 30 registers the unlocking completion event in the log data 34 of the database 31 (step S35).

In addition to the above, as a function on the stamp box 10 side, a function (for example, pressing the carry-out button) that can cancel the output of the abnormal signal in advance when the stamp box 10 is taken out may be provided. Further, it may be provided with a function of being able to monitor the presence or absence of the contents of the stamp box body by reflection by a laser beam or by a camera or the like.
Further, as a monitoring function on the server 30 side, in order to prevent the theft of the stamp box 10, for example, in the periodic communication with the stamp box 10, the communication is cut off because the stamp box 10 is out of the Wi-Fi environment. In this case, the server 30 may broadcast an e-mail indicating the occurrence of an abnormality to the terminal 50 of the registered user. Further, the operating conditions for periodic communication with the stamp box 10 (for example, switching on / off of periodic communication, interval of periodic communication, transmission time, etc.) may be arbitrarily set by the management user with the application of the terminal 50.

According to the stamp box and its security system according to the present embodiment described above, the security of the stamp box can be improved as compared with the conventional case by constantly monitoring the access status of the stamp box by the server on the cloud. .. In addition, the server can verify whether the unlocking request by the user authenticated by the stamp box is normal in light of the past unlocking behavior pattern. As a result, if the server determines that the unlocking request is not a normal behavior pattern, an alarm transmission, a second password input request, or the like is performed, and fraudulent activity can be prevented at the water's edge. Further, even if the unlocking request is not illegal, the authentication accuracy of the registered user can be further improved without significantly impairing the convenience of the user.

10 stamp box (storage)
11 Microcomputer 12 Operation switch 13 Wireless LAN control unit 14 Short-range wireless communication control unit 15 Lid open / close sensor 16 Lift sensor 17 Power supply circuit 18 Battery 20 Electric locking means 21 Solvent 22 Switching element 23 Rotating plate 24 Plate hook 25 Lid hook 26 Spring 30 server (management device)
31 Database 32 User list table 33 Box list table 34 Log data (unlocking history information)
50 Mobile terminal device (terminal device)

Claims (3)

It is a security system in which the vault and an external management device are connected so that they can communicate via a network.
The storage is provided with an electric locking means that operates based on a signal from a user's terminal device, and an event information transmitting means capable of transmitting at least event information related to an unlocking operation requested from the terminal device to the outside. Prepare,
The management device, Rutotomoni a unlock history registration means for registering in the database and the database, event information relating to unlocking operation received from the depot as unlocking history information,
A security system in which the management device further includes an action pattern verification means for verifying whether or not the unlock request by the user matches the unlocking action pattern indicated by the unlocking history information registered in the database. The management device, the unlock request, further comprising alerting means for transmitting an alert when it is determined not to conform to the unlocking action pattern, the security system according to claim 1. Claim 1 or 2 further includes a re-authentication requesting means for requesting another authentication process from the terminal device of the user when the management device determines that the unlocking request does not match the unlocking behavior pattern. The security system described.

Images