JP7143164B2 - Access control system, access control device and program - Google Patents

Description

The embodiments of the present invention relate to an entry/exit management system, an entry/exit management device , and a program.

2. Description of the Related Art Conventionally, an IC card containing an IC (Integrated Circuit) chip having a card user authentication function is known. In connection with this, in the entrance/exit management process for managing entrance/exit to/from a predetermined area such as a room or facility, based on the identification information of the IC card read by the card reader device installed near the door for entrance/exit, There is an entry/exit management system that determines whether a card user is allowed to enter or exit. However, in a situation where high security is required, there are cases where authentication is performed using a plurality of authentication means, or whether entry/exit permission is determined using encrypted authentication data. Therefore, it may take a long time to unlock the door when entering or exiting.

JP 2010-34967 A Japanese Patent Application Laid-Open No. 2003-248661 JP 2010-61517 A

The problem to be solved by the present invention is to provide an entry/exit management system, an entry/exit management device , and a program capable of shortening the door unlocking time when entering or exiting.

An entrance/exit management system of an embodiment includes a portable electronic device possessed by a user and an entrance/exit management device that performs entrance/exit management using the portable electronic device. The portable electronic device has a first authentication section, a communication section, a second authentication section, a storage section, and an unlock request section. The first authentication unit selects one authentication means from one or a plurality of authentication means associated with the door to be unlocked, and performs person authentication using the selected authentication means . The communication unit communicates with the entrance/exit management device. A second authentication unit accesses the entrance/exit management device through the communication unit and authenticates the portable electronic device based on the key information when the person authentication by the first authentication unit succeeds. The storage unit stores an authentication state including information of an unlockable door corresponding to the authentication means, which is transmitted from the entrance/exit management device when the portable electronic device is successfully authenticated by the second authentication unit. Store information. The unlocking request unit unlocks the door by causing a reader device connected to the entrance/exit management device to read unlocking information associated with the authentication state information stored in the storage unit. The entrance/exit management device has a third authentication section, an information generation section, and an unlocking control section. A third authenticator authenticates the portable electronic device with the key information. The information generating section generates the authentication state information based on the authentication means used for the person authentication and the authentication result by the third authenticating section when the authentication by the third authenticating section is successful. The unlocking control unit compares the unlocking information received by the reader device with the authentication status information generated by the information generating unit, and unlocks the door when the result of the comparison satisfies unlocking conditions. Let

1 is a schematic configuration diagram of an entry/exit management system 1 according to an embodiment; FIG. 2 is a diagram showing a hardware configuration example of the mobile terminal 100 according to the embodiment; FIG. 2 is a diagram showing a functional configuration example of the mobile terminal 100 of the embodiment; FIG. The figure which shows an example of the content of 166 A of personal authentication information of embodiment. The figure which shows an example of the content of the key information 166B of embodiment. The figure which shows an example of the content of the authentication state information 166C of embodiment. The figure which shows the functional structural example of the entrance-and-exit management server 200 of embodiment. The figure which shows an example of the content of the registered terminal authentication information 262 of embodiment. The figure which shows an example of the content of the door management information 264 of embodiment. The figure which shows an example of the content of the authentication state information 266 of embodiment. 4 is a sequence diagram for explaining pre-authentication processing according to the embodiment; FIG. The figure which shows an example of authentication means selection screen IM1 of embodiment. The figure which shows an example of authentication status screen IM2 of embodiment. 4 is a sequence diagram for explaining token acquisition processing according to the embodiment; FIG. FIG. 4 is a sequence diagram for explaining unlock execution processing according to the embodiment; The figure which shows an example of the door selection screen IM3 of embodiment. The figure which shows an example of authentication screen IM4 of embodiment.

An entry/exit management system, an entry/exit management device , and a program according to embodiments will be described below with reference to the drawings.

FIG. 1 is a schematic configuration diagram of an entry/exit management system 1 of the embodiment. The entrance/exit management system 1 includes, for example, a wireless router (an example of a first communication unit) 10, a plurality of reader devices (an example of a second communication unit) 20-1 to 20-n, and a plurality of electronic locks 30-1 to 20-n. 30-n, a controller 40, a portable terminal 100, and an entrance/exit management server 200. FIG. In the following description, the reader devices 20-1 to 20-n have the same configuration, and when it is not necessary to distinguish which reader device it is, the code after the hyphen indicating which reader device it is is omitted. , and will be referred to as a "reader device 20". The same applies to other configurations described using hyphens. Further, in the entrance/exit management system 1 shown in FIG. 1, for convenience of explanation, the entrance/exit management server 200 and the mobile terminal 100 are shown in a one-to-one relationship. natural numbers). The entry/exit management server 200 may be provided for each building or facility provided with a door to be locked or unlocked, or may be provided for each floor of a building or the like. The mobile terminal 100 is an example of a “portable electronic device”. The entry/exit management server 200 is an example of an "entry/exit management device".

The wireless router 10 is connected to the entrance/exit management server 200 and communicates with the mobile terminal 100 via the wireless communication network. For example, wireless communication networks include communication networks using communication methods such as Wi-Fi and Bluetooth (registered trademark). The wireless router 10 is wireless communication means with a longer communication distance than the reader device 20 . When the wireless router 10 receives the information transmitted from the mobile terminal 100 , the wireless router 10 outputs the received information to the entrance/exit management server 200 . Also, the wireless router 10 transmits information instructed by the entrance/exit management server 200 to the mobile terminal 100 .

The reader device 20 is installed, for example, in the vicinity of a door D through which one or both of entering or leaving a predetermined area such as a room or facility in a building is performed. The reader device 20 is wireless communication means with a shorter communication distance than the wireless router 10 . For example, the reader device 20 communicates with the mobile terminal 100 via an NFC (Near Field radio Communication) interface. Further, the reader device 20 may scan an image such as code information displayed on the display unit of the mobile terminal 100 and read information contained in the image. The code information includes, for example, QR Code (registered trademark), two-dimensional barcodes such as DataMatrix and AztecCode, and one-dimensional barcodes such as barcodes. The reader device 20 outputs the information acquired from the mobile terminal 100 to the entrance/exit management server 200 .

The electronic lock 30 is a lock system incorporating a mechanism for electrically locking and unlocking so that the key of the door D can be remotely operated from an external device. The electronic lock 30 unlocks or locks the door D based on control information obtained from the controller 40, for example.

The controller 40 transmits the information acquired by the reader device 20 to the entrance/exit management server 200 . Further, the controller 40 acquires control information for locking and unlocking the door D by the electronic lock 30 from the entrance/exit management server 200, and locks or unlocks the electronic lock 30 based on the acquired control information. Further, the controller 40 may generate control information for locking after a predetermined time has elapsed since unlocking, and output the generated control information to the electronic lock 30 . Also, a plurality of controllers 40 may be provided in association with the number of reader devices 20 and electronic locks 30 .

The mobile terminal 100 is, for example, a mobile phone such as a smart phone. The mobile terminal 100 communicates with the entrance/exit management server 200 by wirelessly communicating with the wireless router 10 . Also, the mobile terminal 100 communicates with the reader device 20 through the NFC interface. The mobile terminal 100 incorporates, for example, a UICC (Universal Integrated Circuit Card) 150 or a secure element. The secure element has, for example, a security capability to withstand an analysis attack from the outside, and includes a storage section, an encryption logic circuit, and the like that can safely store data. In addition, the secure element may have a tampering function that disables the use of information, circuits, etc. in the storage unit when the internal storage unit and circuits are physically removed.

The UICC 150 is, for example, an IC card such as a SIM (Subscriber Identity Module Card) card. The UICC 150 stores confidential information used for processing executed by the mobile terminal 100 . The UICC 150 is formed by, for example, mounting an IC chip 152 (see FIG. 2 described later) connected to a contact portion 151 on a plastic base material.

Also, the UICC 150 can communicate with the mobile terminal 100 or the like via the contact unit 151 (or via a dedicated communication path in the case of a secure element). The UICC 150 receives, for example, a command (processing request) transmitted by the mobile terminal 100 via the contact unit 151, and executes processing (command processing) according to the received command. The UICC 150 then transmits a response (processing response), which is the execution result of the command processing, to the mobile terminal 100 via the contact unit 151 .

FIG. 2 is a diagram illustrating a hardware configuration example of the mobile terminal 100 according to the embodiment. The mobile terminal 100 includes, for example, a CPU (Central Processing Unit) 110 , a RAM (Random Access Memory) 111 , a nonvolatile memory 112 , an input section 113 , a display section 114 , a card I/F (interface) section 115 , a NW (network) communication unit 116 , an NFC controller 117 , an antenna 117 A, a camera (an example of an imaging unit) 118 , a microphone (an example of an audio input unit) 119 , and a UICC 150 . CPU 110, RAM 111, nonvolatile memory 112, input unit 113, display unit 114, card I/F unit 115, NW communication unit 116, NFC controller 117, camera 118, and microphone 119 are connected via a system bus BS1.

For example, the CPU 110 executes programs stored in the RAM 111 or the nonvolatile memory 112 to perform various processes of the mobile terminal 100 . The RAM 111 is, for example, a volatile memory such as a DRAM (Dynamic RAM) or SRAM (Static RAM), and temporarily stores data and programs used when performing various processes of the mobile terminal 100 . The nonvolatile memory 112 is, for example, a memory such as a mask ROM (Read Only Memory) or a flash memory, and stores programs and the like for executing various processes of the mobile terminal 100 .

The input unit 113 is, for example, a key switch or a touch panel device, and receives information input by the user. The input unit 113 receives execution requests for pre-authentication processing and unlocking processing in the embodiment. The unlocking process includes, for example, a token acquisition process and an unlocking execution process. Further, the input unit 113 receives authentication information for personal authentication of the user and terminal authentication of the mobile terminal 100, and inputs of other information. The display unit 114 is, for example, a display device such as a liquid crystal display, and displays various information necessary for pre-authentication processing and unlocking processing. The display unit 114 may be provided integrally with the input unit 113 as a touch panel device. The display unit 114 displays various screens when providing a pre-authentication service or an unlocking service for unlocking the door D, for example.

A card I/F unit 115 is a contact interface via a contact unit 151 for the UICC 150 (eg, for IC card). Card I/F unit 115 is used when portable terminal 100 communicates with UICC 150 . The NW communication unit 116 is a communication module that communicates with the wireless router 10 by wireless communication such as Wi-Fi and Bluetooth. NW communication unit 116 communicates with entrance/exit management server 200 via wireless router 10 .

The NFC controller 117 is a contactless I/F unit that communicates with the reader device 20 via a contactless interface. The NFC controller 117 communicates with the reader device 20, for example, via an antenna 117A. The antenna 117A is, for example, an antenna coil used for data communication with the reader device 20 in NFC.

The camera 118 is, for example, a digital camera using a solid-state imaging device such as a CCD (Charge Coupled Device) or CMOS (Complementary Metal Oxide Semiconductor). Camera 118 is attached to an arbitrary location of mobile terminal 100 . The camera 118 captures, for example, the user's face image, the user's eyes, fingerprints, etc. according to an operation instruction from the user. A microphone 119 is attached to an arbitrary location of the mobile terminal 100 . The microphone 119 acquires the voice uttered by the user of the mobile terminal 100 as voice information.

The UICC 150 has, for example, a contact portion 151 and an IC chip 152 . The IC chip 152 includes a communication I/F unit 153, a CPU 154, a ROM 155, a RAM 156, and an EEPROM (Electrically Erasable Programmable ROM) 157, for example. Also, the IC chip 152 may include a flash memory.

The communication I/F unit 153 is a contact interface via the contact unit 151 , and performs communication (transmission and reception of commands/responses) between the UICC 150 and the mobile terminal 100 via the contact unit 151 . The CPU 154 executes programs stored in the ROM 155 or EEPROM 157 to perform various processes of the UICC 150 . CPU 154 executes command processing according to a command received by communication I/F section 153 via contact section 151, for example.

The ROM 155 is, for example, a non-volatile memory such as a mask ROM, and stores programs for executing various processes of the UICC 150 and data such as a command table. The programs and data such as command tables may be stored in the flash memory of the IC chip 152 . The RAM 156 is, for example, a volatile memory such as a RAM, and temporarily stores data used when performing various processes of the UICC 150 . The EEPROM 157 is, for example, an electrically rewritable nonvolatile memory. The EEPROM 157 stores various data used by the UICC 150 . Note that the above various data may be stored in the flash memory of the IC chip 152 .

FIG. 3 is a diagram illustrating a functional configuration example of the mobile terminal 100 according to the embodiment. Each unit of the mobile terminal 100 shown in FIG. 3 is realized using the hardware of the mobile terminal 100 shown in FIG. Hereinafter, the same reference numerals are given to the same components as those shown in FIG. 2, and the description thereof will be omitted. In the example of FIG. 3, the mobile terminal 100 includes an input unit 113, a display unit 114, a control unit 120, a terminal-side storage unit 130, a communication unit 140, and a UICC 150, for example. These functional units are software functional units that function when a processor such as the CPU 110 executes a program stored in a program memory.

The control unit 120 is realized by the CPU 110, for example. The control unit 120 includes, for example, an application execution unit (an example of an unlock request unit) 122 and a display control unit 124 . The application executing unit 122 is implemented by, for example, a processor such as the CPU 110 executing applications such as the pre-authentication application 132 and the unlocking application 134 stored in the terminal-side storage unit 130 . For example, the application execution unit 122 executes the pre-authentication application 132 to perform pre-authentication for unlocking the door D for the user to enter/exit the predetermined area. The pre-authentication is, for example, person authentication, terminal authentication, or the like, which is performed before a predetermined time before executing processing for unlocking the door D by having the reader device 20 read the unlocking information of the mobile terminal 100 . Further, the application executing unit 122 executes the unlocking application 134 to unlock the door D based on the pre-authentication result of the pre-authentication application 132 . Note that the pre-authentication application 132 and the unlocking application 134 may be configured as one application.

The display control unit 124 controls the display unit 114 to output an image corresponding to the processing executed by the application execution unit 122, or to end the display of the image.

The terminal-side storage unit 130 is realized by the RAM 111 and the nonvolatile memory 112, for example. The terminal-side storage unit 130 stores, for example, a pre-authentication application 132 , an unlocking application 134 , and information used for various processes of the mobile terminal 100 .

The communication unit 140 includes a card communication unit 142, an NFC communication unit 144, and a NW communication unit 116, for example. The card communication unit 142 is implemented using the card I/F unit 115 and communicates with the UICC communication unit 162 of the UICC 150 using the contact interface. NFC communication unit 144 is implemented using NFC controller 117 and antenna 117A, and communicates with reader device 20 using a contactless interface.

UICC 150 includes, for example, UICC communication section 162 , UICC control section 164 , and data storage section 166 . UICC control unit 164 and data storage unit 166 are an example of a secure element. UICC communication unit 162 is implemented using contact unit 151 and communication I/F unit 153 shown in FIG. 2, and communicates with card communication unit 142 using a contact interface.

The UICC control unit 164 is realized by the CPU 154, for example. The UICC control unit 164 includes, for example, an authentication information registration unit 164A, a first authentication unit 164B, a second authentication unit 164C, and a terminal-side authentication state management unit 164D. Authentication information registration unit 164A stores personal authentication information 166A and key information 166B in data storage unit 166, for example, before pre-authentication processing by application execution unit 122 is executed. For example, the authentication information registration unit 164A causes the data storage unit 166 to store a personal ID (password) for identifying an individual received via the UICC communication unit 162, biometric information, etc. as the personal authentication information 166A. FIG. 4 is a diagram showing an example of the contents of personal authentication information 166A of the embodiment. The personal authentication information 166A is, for example, a personal ID associated with biometric information. Biometric information is, for example, fingerprint information, face information, iris information, and voiceprint information. The fingerprint information is, for example, information on the shape, pattern, color, etc. of the fingerprint analyzed from the image captured by the camera 118, or information obtained by converting them into predetermined feature amounts. Further, the face information includes, for example, the outline of the user's face analyzed from the image captured by the camera 118, the shape pattern of the characteristic parts (for example, eyes, nose, mouth), the arrangement pattern of the characteristic parts, the color, and the like. or information obtained by converting them into predetermined feature amounts. The iris information is, for example, information such as characteristic patterns and colors appearing in the iris portion of the user's eyeball analyzed from the image captured by the camera 118, or information obtained by converting them into predetermined feature amounts. be. The voiceprint information is, for example, information such as the volume and intonation of the voice analyzed from the user's voice information acquired by the microphone 119, the distribution of the strength of the frequency component of the voice, and how it changes with time, or information such as a predetermined This is information converted into the feature amount of . The personal authentication information 166A may be a personal ID associated with a PIN (Personal Identification Number) or a terminal ID instead of (or in addition to) biometric information. As long as the same user uses the same terminal, the personal ID and the terminal ID often match. may

Further, the authentication information registration unit 164A causes the data storage unit 166 to store key information 166B for authenticating the mobile terminal 100 with the entrance/exit management server 200, for example. FIG. 5 is a diagram showing an example of the contents of the key information 166B of the embodiment. In the key information 166B, for example, a terminal ID that identifies the mobile terminal 100 is associated with authentication key information. Authentication key information includes, for example, a common key and a public key. At least one of the common key and the public key should be stored in the key information 166B.

In pre-authentication processing by application execution unit 122 , first authentication unit 164 B receives personal ID, biometric information, password such as PIN, etc. received via UICC communication unit 162 , and personal information stored in data storage unit 166 . Based on the authentication information 166A, person authentication processing is performed by one or a plurality of authentication means. Personal authentication processing is, for example, processing to confirm the legitimacy of a user. If it is determined that the user is a valid user, it is determined that the authentication has succeeded, and if it is determined that the user is not a valid user. authentication is determined to have failed. When the person authentication fails, the first authentication unit 164B causes the display control unit 124 to display information to that effect on the display unit 114 .

164 C of 2nd authentication parts perform mutual authentication with the entrance-and-exit management server 200 using the key information 166B, when a user's person authentication succeeds. Mutual authentication is, for example, an authentication process in which the mobile terminal 100 and the entrance/exit management server 200 mutually confirm that they are properly authenticated devices before communicating with each other. For example, the legitimacy of both parties is authenticated when the receiver can decrypt the information encrypted by the sender with respect to each other's keys. For example, second authentication unit 164C encrypts predetermined authentication data using a common key or public key included in key information 166B stored in data storage unit 166, and encrypts the encrypted authentication data. , the terminal ID, the result of person authentication (information indicating which authentication means has successfully authenticated), and the terminal authentication information including the PIN, to the entrance/exit management server 200 via the communication unit 140 . Second authentication unit 164C decrypts the encrypted data transmitted from entrance/exit management server 200 using the common key or the public key, and if the decrypted data is predetermined authentication data, , determine that the mutual authentication was successful. When the terminal authentication fails, the second authentication unit 164C causes the display control unit 124 to display information to that effect on the display unit 114 .

Terminal-side authentication state management unit 164D stores authentication state information 166C including the authentication state of the user in data storage unit 166 when person authentication by first authentication unit 164B and terminal authentication by second authentication unit 164C are successful. Let FIG. 6 is a diagram showing an example of the content of the authentication status information 166C of the embodiment. The authentication status information 166C, for example, associates a personal ID and a terminal ID with an authentication status, an authentication status retention period, and a session key. The authentication state is, for example, an authentication method in which person authentication is successful, or information on the unlockable door D (for example, door ID, which is door identification information). For example, when the person authentication is successful, the authentication method of successful authentication is stored as authentication information in the authentication state, and when the terminal authentication is also successful, the unlockable door D obtained from the entrance/exit management server 200 is stored. The information is stored as authentication information. The authentication state retention period is, for example, a period during which authentication information is valid. A session key is, for example, a key for encrypting or decrypting information communicated between the mobile terminal 100 and the entry/exit management server 200 . The session key is information obtained from the access-controlled 200 after successful terminal authentication. In addition, the terminal-side authentication state management unit 164D performs management such as deletion from the data storage unit 166 of the authentication state information 166C for which the authentication state holding period has passed.

The data storage unit 166 is implemented by the ROM 155, RAM 156, and EEPROM 157, for example. Data storage unit 166 stores, for example, personal authentication information 166A, key information 166B, authentication status information 166C, token 166D, and other information. A token is, for example, a restricted password or the like that is used when unlocking the door D. The usage restriction may be, for example, a restriction on the number of times (for example, the token can be used up to two times) or a restriction on the period (for example, a limitation on a specific date or a token that can be used for 3 days after it is generated).

Next, the functional configuration of the entrance/exit management server 200 will be described. FIG. 7 is a diagram showing a functional configuration example of the entry/exit management server 200 of the embodiment. The entrance/exit management server 200 includes, for example, a communication control unit 210, a terminal authentication unit (an example of a third authentication unit) 220, a management unit 230, a token generation unit 240, and a lock/unlock control unit (an example of an unlock control unit). ) 250 and a server-side storage unit 260 . These functional units are software functional units that function when a processor such as a CPU executes a program stored in a program memory. Also, some or all of these functional units may be hardware functional units such as LSI and ASIC.

The communication control unit 210 controls communication with the mobile terminal 100 via the wireless router 10 using a wireless communication method such as Wi-Fi or Bluetooth. Further, the communication control unit 210 receives, for example, information (for example, second unlocking information to be described later) related to the mobile terminal 100 read by the reader device 20, and locks/unlocks the door D from the locking/unlocking control unit 250. Control information for (unlocking or locking) is transmitted to the controller 40 .

The terminal authentication unit 220 performs mutual authentication based on the terminal authentication information from the mobile terminal 100 received by the wireless router 10 and the registered terminal authentication information 262 stored in the server-side storage unit 260, for example. FIG. 8 is a diagram showing an example of contents of the registered terminal authentication information 262 of the embodiment. In the registered terminal authentication information 262, for example, a terminal ID is associated with a common key and a public key. For example, the terminal authentication unit 220 refers to the terminal ID of the registered terminal authentication information 262 based on the terminal ID included in the terminal authentication information, and acquires the common key or public key associated with the matching terminal ID. In addition, terminal authentication section 220 decrypts the encrypted authentication data included in the terminal authentication information with the acquired common key or public key, and when the decrypted data matches predetermined authentication data, It is determined that the mobile terminal 100 is valid. If the mobile terminal 100 is valid (if the terminal authentication succeeds), the authentication data is encrypted with the common key or public key of the registered terminal authentication information 262, and the encrypted data is sent via the wireless router 10. Output to the mobile terminal 100 .

The management unit 230 includes, for example, a server-side authentication state management unit (an example of an information generation unit) 232 and a session key management unit 234 . When mutual authentication with mobile terminal 100 is successful in the authentication result by terminal authentication unit 220, server-side authentication status management unit 232 sets the terminal ID included in the terminal authentication information, the personal authentication result of mobile terminal 100, and the PIN. , and the generated authentication state information 266 is stored in the server-side storage unit 260 . Also, the server-side authentication state management unit 232 refers to the door management information 264 based on the person authentication result, and extracts doors that can be unlocked based on the person authentication result.

FIG. 9 is a diagram showing an example of contents of the door management information 264 of the embodiment. The door management information 264 includes, for example, a door ID, a reader ID that is identification information of the reader device 20, an electronic lock ID that is identification information of the electronic lock 30, a controller ID 40 that is identification information of the controller 40, and authentication means information. are mapped. In the example of FIG. 9, password authentication (for example, PIN authentication) must be successful in order to unlock door D1, and password authentication and fingerprint authentication are required in order to unlock door D2. This indicates that the two authentications of . For example, the number and type of authentication means for a door are set according to, for example, the degree of importance and confidentiality of the room to be entered (for example, the presence of confidential documents and important devices).

The server-side authentication state management unit 232 refers to the authentication means information of the door management information 264 based on the person authentication result, and stores the matching door ID information in the authentication state of the authentication state information 266 as a releasable door. do. Further, the server-side authentication state management unit 232 stores the validity period of the authentication state information 266 corresponding to the terminal ID and PIN in the authentication state holding period. The server-side authentication state management unit 232 may set a fixed period as the authentication state retention period, or set a variable period based on the type of door that can be unlocked, the access authority associated with the terminal ID or PIN in advance, and the like. May be set. By setting a variable period, entry can be managed with appropriate security for each door. Also, the server-side authentication state management unit 232 causes the communication control unit 210 to transmit the authentication state information 266 corresponding to the mobile terminal 100 to the mobile terminal 100 via the wireless router 10 .

Session key management unit 234 generates a session key and stores the generated session key in authentication state information 266 when mutual authentication with mobile terminal 100 by terminal authentication unit 220 is successful. The session key management unit 234 also encrypts the generated session key with the common key or public key of the mobile terminal 100 and causes the communication control unit 210 to transmit the encrypted session key to the mobile terminal 100 via the wireless router 10 . As a result, the mobile terminal 100 and the entry/exit management server 200 can exchange and share session keys, and can transmit/receive information after encrypting it with the session key in subsequent communications. Also, the session key management unit 234 may exchange and share session keys using a key exchange algorithm such as DH (Diffie Hellman) or ECDH (Elliptic Curve Diffie Hellman). Key exchange by DH uses, for example, a one-way function based on the discrete logarithm problem to transmit and receive information calculated from the session key rather than the session key itself. Key exchange by ECDH is, for example, key exchange by DH using elliptic curve cryptography. As a result, even if the session key is intercepted by a third party, the session key will not be known immediately unless the interceptor solves the discrete logarithm problem, so key exchange can be performed more safely. The session key is discarded, for example, after a series of communications between the mobile terminal 100 and the entrance/exit management server 200 is completed, or after the authentication state retention period has passed.

FIG. 10 is a diagram showing an example of the contents of the authentication status information 266 of the embodiment. The authentication status information 266 is, for example, a terminal ID and PIN associated with an authentication status, an authentication status retention period, and a session key. The server-side authentication state management unit 232 manages the authentication state holding period, and performs management such as deleting from the server-side storage unit 260 the authentication state information 266 that has passed the holding period.

For example, when a token acquisition request is received from the mobile terminal 100, the token generation unit 240 generates a token for unlocking a door that can be unlocked included in the authentication state or a specific door requested to be unlocked. A token is generated, and the generated token is transmitted to the mobile terminal 100 via the wireless router 10 by the communication control unit 210 . Token generation unit 240 also associates the generated token with the terminal ID and stores it in server-side storage unit 260 as token 268 .

The locking/unlocking control unit 250 generates control information for unlocking the corresponding door based on the unlocking information from the mobile terminal 100 read by the reader device 20, and sends the generated control information to the target door. Output.

The server-side storage unit 260 is implemented by, for example, an HDD, SSD, ROM, RAM, or the like. The server-side storage unit 260 stores, for example, registered terminal authentication information 262, door management information 264, authentication status information 266, tokens 268, and information used for various processes of the entrance/exit management server 200. FIG.

Next, the pre-authentication processing of the embodiment will be specifically described. FIG. 11 is a sequence diagram for explaining pre-authentication processing according to the embodiment. The process shown in FIG. 11 is, for example, a process executed before the mobile terminal 100 is held over the reader device 20 to execute the unlocking process. When the authentication is performed, the pre-authentication application 132 is activated and the function of the application execution unit 122 is realized.

First, the application executing unit 122 executes person authentication processing using one or a plurality of preset authentication means (step S100). Specifically, the display control unit 124 causes the display unit 114 to display an authentication method selection screen for selecting one or a plurality of authentication methods from a plurality of authentication methods. FIG. 12 is a diagram showing an example of the authentication method selection screen IM1 according to the embodiment. The screen layout shown in FIG. 12 is not limited to this, and the same applies to subsequent screen examples. The authentication means selection screen IM1 includes a plurality of icons IC1 to IC5. In the example of FIG. 12, the application executing unit 122 executes password authentication when the user selects the icon IC1, and executes fingerprint authentication when the user selects the icon IC2. Further, the application executing unit 122 executes face authentication when the icon IC3 is selected, iris authentication when the icon IC4 is selected, and voiceprint authentication when the icon IC5 is selected. Also, the application executing unit 122 terminates the person authentication when the icon IC6 is selected.

For example, when icon IC1 is selected and password authentication is performed, application execution unit 122 controls display control unit 124 to display an image for inputting a PIN on display unit 114 . Next, application execution unit 122 communicates with UICC communication unit 162 of UICC 150 through card communication unit 142 based on the PIN input by input unit 113, and causes first authentication unit 164B to perform person authentication. When UICC communication unit 162 receives a PIN, first authentication unit 164B acquires the PIN included in personal authentication information 166A and determines whether the acquired PIN matches the received PIN. If the two PINs match, first authentication unit 164B determines that the person authentication using the password has succeeded, and if they do not match, determines that the person authentication using the password has failed. First authentication unit 164B then outputs the authentication result to application execution unit 122 .

When icon IC<b>2 is selected and fingerprint authentication is performed, application execution unit 122 activates camera 118 and causes display unit 114 to display an image captured by camera 118 . Next, the display control unit 124 superimposes an image including a message prompting to take a fingerprint image on the image captured by the camera 118 and displays the image. Application execution unit 122 analyzes the image captured by camera 118 and acquires fingerprint information. Next, the application execution unit 122 communicates with the UICC communication unit 162 of the UICC 150 through the card communication unit 142 based on the fingerprint information, and causes the first authentication unit 164B to perform person authentication. Instead of using the UICC, fingerprint information pre-stored in the CPU and memory of the mobile phone may be used to internally perform person authentication.

When the fingerprint information is received by UICC communication unit 162, first authentication unit 164B acquires the fingerprint information included in personal authentication information 166A, and checks whether the acquired fingerprint information matches the received fingerprint information. judge. If the two pieces of fingerprint information match, first authentication unit 164B determines that the person authentication using the fingerprint information has succeeded, and if they do not match, determines that the person authentication using the fingerprint information has failed. First authentication unit 164B then outputs the authentication result to application execution unit 122 .

When icon IC3 is selected and face authentication is performed, application execution unit 122 activates camera 118 and causes display unit 114 to display an image captured by camera 118 . Next, the display control unit 124 generates an image including a message prompting photographing of the face, superimposes the generated image on the image captured by the camera 118, and causes the display unit 114 to display the image. The application executing unit 122 analyzes the image captured by the camera 118 and acquires face information. Next, the application execution unit 122 communicates with the UICC communication unit 162 of the UICC 150 using the card communication unit 142 based on the face information, and causes the first authentication unit 164B to perform person authentication. Instead of using the UICC, personal authentication may be performed internally using information corresponding to face information stored in advance in the CPU and memory of the mobile phone or the like. First authentication unit 164B acquires face information included in personal authentication information 166A when fingerprint information is received by UICC communication unit 162, and checks whether the acquired face information matches the received face information. judge. The first authentication unit 164B determines that the person authentication based on the face information has succeeded if the two pieces of face information match, and determines that the person authentication using the face information has failed if the two pieces of face information do not match. First authentication unit 164B then outputs the authentication result to application execution unit 122 . In the same manner as described above, a voiceprint is acquired from the voice input from the microphone 119, and information corresponding to the voiceprint information stored in advance in the CPU and memory of the UICC, mobile phone, etc. It is also possible to automatically execute person authentication. In this way, personal authentication can be performed using all kinds of biometric information.

Also, when icon IC4 is selected and authentication is performed using iris information, similar authentication is performed using iris information instead of face information in the above-described authentication method using face information. omitted. When icon IC5 is selected and authentication is performed using voiceprint information, application execution unit 122 activates microphone 119 and causes display control unit 124 to display an image including a message prompting vocalization on display unit 114 . In this case, application execution unit 122 may cause display unit 114 to display an image including a message for uttering specific characters or sentences. Next, the application executing unit 122 analyzes the voice information acquired by the microphone 119 and acquires voiceprint information. Next, the application execution unit 122 communicates with the UICC communication unit 162 of the UICC 150 through the card communication unit 142 based on the voiceprint information, and causes the first authentication unit 164B to perform person authentication. When voiceprint information is received by UICC communication unit 162, first authentication unit 164B acquires the voiceprint information included in personal authentication information 166A, and checks whether the acquired voiceprint information matches the received voiceprint information. judge. If the two pieces of voiceprint information match, the first authentication unit 164B determines that the person authentication using the voiceprint information has succeeded, and if they do not match, determines that the person authentication using the voiceprint information has failed. First authentication unit 164B then outputs the authentication result to application execution unit 122 . The application execution unit 122 may cause the display control unit 124 to display each authentication result on the display unit 114 .

Next, when the authentication is successful in the process of step S100, the application execution unit 122 sets an authentication method for unlocking the door D (step S102). In the processing of step S102, the application executing unit 122 may, for example, randomly set one authentication method from the plurality of authentication methods authenticated in the processing of step S100. do. Next, the application executing unit 122 causes the data storage unit 166 in the UICC 150 to store the authentication state information including the authentication result (step S104). Further, in the process of step S104, the authentication method for unlocking set in step S102 may be stored in data storage unit 166. FIG. Next, the second authentication unit 164C transmits terminal authentication information including the key information 166B and the like stored in the data storage unit 166 to the entrance/exit management server 200 to perform mutual authentication (step S106).

The terminal authentication unit 220 of the entrance/exit management server 200 authenticates (mutually authenticates) the mobile terminal 100 using the key information based on the terminal authentication information and the like received from the mobile terminal 100 (step S108). When the mobile terminal 100 is successfully authenticated, the server-side authentication status management unit 232 generates authentication status information (step S110) and transmits the generated authentication status information to the mobile terminal 100 (step S112). Next, the server-side authentication state management unit 232 stores the generated authentication state information in the server-side storage unit 260 (step S114).

Next, the application execution unit 122 of the mobile terminal 100 receives the authentication state information transmitted by the entrance/exit management server 200 in the process of step S114, and stores the information stored in the data storage unit 166 based on the received authentication state information. The authentication status information 166C is updated (step S116). In the process of step S116, the application executing unit 122 may replace the authentication state information 166C stored in the data storage unit 166 with the received authentication state information, or may update by rewriting only the difference information.

Further, in the process of step S116, the application execution unit 122 may cause the display control unit 124 to display information on the authentication state included in the received authentication state information on the display unit 114. FIG. FIG. 13 is a diagram showing an example of the authentication status screen IM2 according to the embodiment. The authentication status screen IM2 shown in FIG. 13 includes information about doors that can be unlocked according to the current authentication status. The example of FIG. 13 indicates that the door D1 and the door D4 can be unlocked by person authentication and terminal authentication. The display control unit 124 causes the authentication status screen IM2 to display icons IC11 and IC12 for selecting one of the unlockable doors D1 and D4 and an icon IC13 for ending the authentication status screen IM2. may In addition, the above only indicates that the door can be unlocked, and there are cases where it is necessary to further select the door. However, it is possible to clarify which door is specified.

Next, when the person authentication and the terminal authentication are successful, the session key management unit 234 of the access management server 200 generates a session key (step S118), and transmits the generated session key to the mobile terminal 100 (step S120). ). Next, the session key management unit 234 stores the generated session key in the authentication state information 266 (step S122).

The application executing unit 122 receives the session key transmitted from the entry/exit management server 200 in the process of step S120, and stores the received session key in the authentication state information 166C (step S124). This completes the processing of this sequence.

Next, the token acquisition processing of the embodiment will be specifically described. FIG. 14 is a sequence diagram for explaining token acquisition processing according to the embodiment. The process shown in FIG. 14 is executed by the pre-authentication application 132, and shows the process when the user selects a specific door on the authentication status screen IM2 shown in FIG. 13, for example.

First, the application executing unit 122 encrypts the terminal ID and the authentication state included in the authentication state information 166C with a session key (step S200). In the process of step S200, instead of the authentication status, information (for example, door ID) related to the door to be unlocked selected on the authentication status screen IM2 may be used. Also, the encryption processing in step S200 may be performed within a secure element such as the UICC 150 or the like. Next, the application execution unit 122 transmits the encrypted information to the entrance/exit management server 200 via the wireless router 10 (step S202).

The server-side authentication status management unit 232 of the entrance/exit management server 200 decrypts the information received by the wireless router 10 with the session key, and acquires the terminal ID and authentication status (step S204). Next, the token generation unit 240 generates a token based on the terminal ID and the authentication state, and stores the generated token in the server-side storage unit 260 (step S206). Next, the server-side authentication state management unit 232 encrypts the generated token with the session key (step S208), and transmits the encrypted token to the mobile terminal 100 via the wireless router 10 (step S210). Next, the server-side authentication state management unit 232 updates the authentication state stored in the server-side storage unit 260 when the authentication state retention period (for example, 5 hours, 1 day, etc.) included in the authentication state information 266 has passed. Delete information 266 and token 268 (step S212).

Next, application execution unit 122 of portable terminal 100 decrypts the token with the session key (step S214), and stores token 166D obtained by decryption in data storage unit 166 (step S216). Next, the terminal-side authentication state management unit 164D deletes the authentication state information 166C and the token when the authentication state holding period included in the authentication state information 166C has passed (step S218). This completes the processing of this sequence. Note that the process executed by the pre-authentication application 132 described above may acquire a token and unlock the door when entering or leaving a predetermined area, for example. Both doors may be unlocked when exiting.

Next, unlocking execution processing of the embodiment will be specifically described. FIG. 15 is a sequence diagram for explaining unlock execution processing according to the embodiment. In addition, in the following processing, the execution processing at the time of entering the room will be described, but the same processing is performed at the time of leaving the room. In the process shown in FIG. 15, for example, when the user's input unit 113 accepts an operation to execute the unlocking application 134, the function of the application executing unit 122 is realized by the unlocking application 134. FIG.

First, the application executing unit 122 performs person authentication using the authentication method set in the process of step S102 (step S300). In the processing of step S300, by using one set authentication method instead of a plurality of authentication methods, it is possible to reduce the burden on the user when executing unlocking. With the processing of step S300, for example, even after the mobile terminal 100 is stolen after acquiring the token, it is possible to prevent a third party from easily unlocking the door using the token, Security can be improved. Note that the processing of steps S102 and S300 described above may be omitted.

When the person authentication fails, the application execution unit 122 causes the display control unit 124 to display information indicating that fact on the display unit 114, and does not execute subsequent processing. Further, when the person authentication is successful, the application executing unit 122 reads the token 166D stored by the data storage unit 166, generates first unlocking information including the read token 166D and the random number (step S302), and generates The obtained first unlocking information is transmitted to the entrance/exit management server 200 via the wireless router 10 (step S304). Next, the application executing unit 122 generates second unlocking information by encrypting the random number used in the process of step S302 using the session key (step S306). In the process of step S306, the application executing unit 122 converts the second unlocking information obtained by encrypting the random number using the session key into a QR code, a two-dimensional barcode such as DataMatrix or AztecCode, or a one-dimensional barcode such as a barcode. or the like, and a process of converting into code information may be included in the process of generating the second unlocking information. Next, the application executing unit 122 causes the reader device 20 to read the generated second unlocking information (step S308). In the process of step S308, for example, the user may bring the mobile terminal 100 close to the reader device 20 to read the second unlocking information through NFC communication. The second unlocking information may be read by the reader device 20 by displaying the code information of the unlocking information on the display unit 114 and holding the displayed code information over the reader device 20 . The reader device 20 transmits the acquired second unlocking information to the entrance/exit management server 200 .

Next, the lock/unlock control unit 250 of the entrance/exit management server 200 identifies the terminal ID from the token included in the first unlocking information received from the wireless router 10, and refers to the authentication status information 266 from the identified terminal ID. A session key is identified (step S310). Next, the lock/unlock controller 250 encrypts the random number included in the first unlock information using the session key to generate authentication data (step S312). Next, the locking/unlocking control unit 250 collates the generated authentication data with the second unlocking information (step S314). If they match, the terminal ID is specified from the token, and the authentication state information is obtained from the specified terminal ID. 266 is identified, the authentication status, authentication status retention period, etc. are confirmed, and when predetermined unlocking conditions are satisfied, control is performed to unlock the electronic lock 30 of the corresponding door D (step S316). In the process of step S316, the lock/unlock control unit 250, for example, if the door requested to be unlocked is a door that can be unlocked in an authenticated state, and if the authenticated state holding period has not elapsed, the lock/unlock control unit 250 It is determined that the lock condition is satisfied. If the unlocking condition is satisfied, the locking/unlocking control unit 250 refers to the door management information 264 based on the door ID for which the unlocking request was made, acquires the electronic lock ID and controller ID corresponding to the matching door ID, Unlocking control for the acquired electronic lock ID is executed for the acquired controller ID.

Next, the locking/unlocking control unit 250 transmits information indicating that the lock has been unlocked to the mobile terminal 100 (step S318). It should be noted that in the process of step S316, if the predetermined unlocking condition is not satisfied, the lock/unlock control unit 250 transmits information indicating that unlocking is impossible to the mobile terminal 100 in the process of step S318.

Next, the display control unit 124 causes the display unit 114 to display the information transmitted by the process of step S318 (step S320). Next, the entry/exit management server 200 performs control to lock the electronic lock 30 after a predetermined time has elapsed since unlocking (step S322). As a result, it is possible to prevent the door from being left unlocked, and it is possible to prevent a third party from entering the predetermined area. This completes the sequence process.

Here, a modified example of the embodiment will be described. For example, in the process of FIG. 15, the application executing unit 122 uses information including a token and a random number as the first unlocking information, and uses information obtained by encrypting the random number using the session key as the second unlocking information. Alternatively, the token and authentication information included in the authentication status information 166C may be used as the first unlocking information, and the token may be used as the second unlocking information. In this case, the lock/unlock control unit 250 of the entrance/exit management server 200 compares the tokens included in the first unlocking information and the second unlocking information, and if they match, the token is included in the first unlocking information. Perform control to unlock the unlockable door included in the authentication information. In this way, by using a token, it is difficult to identify an individual even if communication is wiretapped, so security can be further improved. In addition, unlocking control with high security can be performed without performing encryption processing.

In the above-described embodiment, as the pre-authentication process, the first authentication unit 164B performs authentication by one or a plurality of authentication means selected on the authentication means selection screen IM1 shown in FIG. 13 is displayed on the authentication status screen IM2 shown in FIG. 13, alternatively, the selection of the door to be unlocked first may be accepted, and the authentication means corresponding to the accepted door may be executed. .

FIG. 16 is a diagram showing an example of the door selection screen IM3 according to the embodiment. After starting the pre-authentication application 132, the application execution unit 122 causes the display control unit 124 to generate the door selection screen IM3, and causes the display unit 114 to display the generated door selection screen IM3. On the door selection screen IM3, a list of doors of rooms and facilities whose entrances and exits are managed by the entrance/exit management server 200 is displayed. The list of doors may be hierarchically displayed for each floor of the building, or only the doors for entering and exiting the room specified by the search function may be displayed. In the example of FIG. 16, icons IC21 to IC23 associated with doors D1 to D3 are displayed on the door selection screen IM3.

When the user selects a door from the door selection screen IM3, the application executing unit 122 inquires of the entrance/exit management server 200 about the authentication means information corresponding to the selected door, and selects the door from the door management information 264 of the entrance/exit management server 200. Acquire authentication means information corresponding to . Note that the door management information 264 may be stored in the terminal-side storage unit 130 in advance, and the corresponding authentication means information may be acquired from the door management information 264 stored in the terminal-side storage unit 130 . Then, the application execution unit 122 causes the display control unit 124 to generate an authentication screen IM4 for notifying the acquired authentication means information, and causes the display unit 114 to display the generated authentication screen IM4.

FIG. 17 is a diagram showing an example of the authentication screen IM4 according to the embodiment. In the example of FIG. 17, when the icon IC22 of the door D2 is selected on the door selection screen IM3, two authentication means (password authentication and fingerprint authentication) for unlocking the door D2 are displayed on the authentication screen IM4. is displayed. In the example of FIG. 17, an icon IC31 for performing password authentication and an icon IC32 for performing fingerprint authentication are displayed as person authentication for unlocking the door D2. As a result, the user executes pre-authentication by the authentication means on which the authentication screen IM4 is displayed. According to the modified example described above, since only the authentication method corresponding to the door to be unlocked needs to be performed, pre-authentication can be performed efficiently.

Also, in the above-described embodiment, the mobile terminal 100 is provided with the secure element, but the entry/exit management server 200 may be provided with the same configuration. In this case, when performing pre-authentication, the application executing unit 122 of the mobile terminal 100 accesses the secure element of the entrance/exit management server 200 to acquire information for performing person authentication, and uses the acquired information to perform person authentication. to run. Further, the application executing unit 122 may transmit input information for performing authentication by one or a plurality of authentication means to the entrance/exit management server 200, and cause the server side to perform person authentication based on the input information and personal authentication information. good. As a result, personal authentication information can be managed in an integrated manner by managing information necessary for personal authentication in the secure element of the entrance/exit management server 200 .

According to at least one embodiment described above, the entrance/exit management system 1 has the mobile terminal 100 possessed by the user and the entrance/exit management server 200 that uses the mobile terminal 100 to perform entrance/exit management. The mobile terminal 100 includes a first authentication unit 164B that performs person authentication by one or more authentication means associated with a door to be unlocked, a NW communication unit 116 that communicates with the entrance/exit management device, and a first authentication unit. When the personal authentication by the unit 164B is successful, the second authentication unit 164C communicates with the entrance/exit management server 200 by the NW communication unit and performs terminal authentication of the mobile terminal 100 based on the key information. A data storage unit for storing authentication state information including information on a releasable door corresponding to the authentication means executed by the first authentication unit 164B, which is transmitted from the entrance/exit management server 200 when the authentication of the terminal 100 is successful. 166, an unlocking application 134 that unlocks the door by causing the reader device 20 connected to the entrance/exit management server 200 to read the unlocking information associated with the authentication state information stored in the data storage unit 166; Prepare. The entrance/exit management server 200 includes a terminal authentication unit (third authentication unit) 220 that authenticates the mobile terminal 100 using key information, and authentication means executed by the first authentication unit 164B when the authentication by the terminal authentication unit 220 is successful. , and the authentication result generated by the terminal authentication unit 220, the server-side authentication state management unit 232 that generates authentication state information, and the unlock information received by the reader device 20 and the server-side authentication state management unit 232. a locking/unlocking control unit that compares the authentication status information and unlocks the door when the result of the comparison satisfies a predetermined unlocking condition. As a result, it is possible to shorten the unlocking time of the door when entering and exiting.

Further, according to at least one of the embodiments described above, by performing person authentication using a plurality of authentication means, it is possible to improve security in entry/exit management, and at the same time, the authentication means can be authenticated before actually unlocking the door. By letting it succeed, it is possible to shorten the time required for unlocking. Further, according to at least one embodiment, the pre-authentication process is performed using a wireless communication method such as Wi-Fi or Bluetooth, which has a relatively long communication distance, so that the reader device 20 installed near the door can be accessed. Pre-authentication can be done without Further, according to at least one embodiment, authentication can be performed using biometric information acquired using the camera 118 or the microphone provided in the mobile terminal 100. Therefore, the biometric information is read by the reader device 20. There is no need to provide a mechanism, and the cost on the entrance/exit management side (for example, the cost of the reader device 20) can be reduced.

Further, according to at least one embodiment, personal authentication information and authentication status information are managed in a secure element such as a UICC. can be suppressed from being used or tampered with. In addition, by using a token or a random number in the process of unlocking, it becomes difficult to identify an individual by eavesdropping of communication, etc., so security can be further improved. The above-described embodiment can be applied, for example, in situations where multiple authentications are required, or in cases where different authentication means are used depending on the situation.

By recording a program for realizing the function of each configuration provided in the UICC 150 in the embodiment in a computer-readable recording medium, and causing the computer system to read and execute the program recorded in the recording medium, the above-described You may perform the process in each structure with which UICC150 which carried out. Here, "loading and executing the program recorded on the recording medium into the computer system" includes installing the program in the computer system. The "computer system" here includes hardware such as an OS and peripheral devices. The term "computer-readable recording medium" refers to portable media such as flexible discs, magneto-optical discs, ROMs and CD-ROMs, and storage devices such as hard discs incorporated in computer systems.

While several embodiments of the invention have been described, these embodiments have been presented by way of example and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, replacements, and modifications can be made without departing from the scope of the invention. These embodiments and their modifications are included in the scope and spirit of the invention, as well as the scope of the invention described in the claims and equivalents thereof.

DESCRIPTION OF SYMBOLS 1... Access control system 10... Wireless router 20... Reader device 30... Electronic lock 40... Controller 100... Portable terminal 113... Input part 114... Display part 116... NW communication part 118... Camera, DESCRIPTION OF SYMBOLS 119... Microphone, 120... Control part, 122... Application execution part, 124... Display control part, 130... Terminal side storage part, 132... Pre-authentication application, 134... Unlocking application, 140... Communication part, 142... Card communication part , 144 NFC communication unit 150 UICC 162 UICC communication unit 164 UICC control unit 164A authentication information registration unit 164B first authentication unit 164C second authentication unit 164D terminal side authentication state Management unit 166 Data storage unit 200 Input/output management server 210 Communication control unit 220 Terminal authentication unit 230 Management unit 240 Token generation unit 250 Lock/unlock control unit 260 Server side storage Department

Claims (8)

An entrance/exit management system comprising a portable electronic device possessed by a user and an entrance/exit management device for performing entrance/exit management using the portable electronic device,
The portable electronic device comprises:
a first authentication unit that selects any one authentication means from among one or more authentication means associated with a door to be unlocked and performs person authentication using the selected authentication means ;
a communication unit that communicates with the entrance/exit control device;
a second authentication unit that accesses the access control device through the communication unit and authenticates the portable electronic device based on key information when the first authentication unit successfully authenticates the person;
When the portable electronic device is successfully authenticated by the second authentication unit, authentication status information including information on unlockable doors corresponding to the authentication means, which is transmitted from the entrance/exit management device, is stored. a storage unit;
an unlock request unit that unlocks the door by causing a reader device connected to the entrance/exit management device to read unlock information associated with the authentication state information stored in the storage unit;
The entrance/exit control device
a third authentication unit that authenticates the portable electronic device with the key information;
an information generation unit that generates the authentication state information based on the authentication means used for person authentication and the authentication result by the third authentication unit when the authentication by the third authentication unit is successful;
an unlocking control unit that compares the unlocking information received by the reader device with the authentication status information generated by the information generating unit, and unlocks the door when the result of the comparison satisfies unlocking conditions; have a
Access control system. The portable electronic device comprises a secure element,
The first authentication unit performs person authentication using information input in association with the one or more authentication means and authentication information stored in the secure element.
The entrance/exit management system according to claim 1. The second authentication unit performs mutual authentication between the portable electronic device and the access control device based on a common key or public key included in the key information.
3. The entrance/exit control system according to claim 1 or 2. The portable electronic device deletes the authentication state information stored in the storage unit when an authentication state retention period included in the authentication state information has passed.
The entrance/exit management system according to any one of claims 1 to 3. The portable electronic device acquires a token for unlocking the unlockable door included in the authentication status information from the entrance/exit management device,
The unlocking request unit transmits the token and the random number to the entrance/exit management device through the communication unit, and then causes the reader device to read the unlocking information obtained by encrypting the random number, thereby unlocking the door. request a lock,
The entrance/exit management system according to any one of claims 1 to 4. The unlocking control unit encrypts the random number from the key information associated with the token, compares the encrypted data with the unlocking information, and if the result of the comparison satisfies the unlocking condition, the unlocking control unit encrypts the random number from the key information associated with the token. unlock the door,
The entrance/exit management system according to claim 5. In an entrance/exit management device that performs entrance/exit management using a portable electronic device possessed by a user,
a communication unit that communicates with the portable electronic device;
a terminal authentication unit that authenticates a portable electronic device for which personal authentication has been successful in advance using key information received by the communication unit;
An information generation unit that generates authentication state information including information on a door that can be unlocked based on the authentication result of the person authentication and the authentication result of the terminal authentication unit when the authentication by the terminal authentication unit is successful. When,
Unlocking information from the portable electronic device read by a reader device connected to the entrance/exit management device and authentication status information generated by the information generation unit are collated, and the result of the collation is unlocking. an unlocking control unit for unlocking the door when a condition is satisfied;
Access control device with. In the computer of the entrance/exit control device that performs entrance/exit control using a portable electronic device possessed by the user,
causing the communication unit to communicate with the portable electronic device;
authenticating a portable electronic device, for which personal authentication has been successfully performed in advance, using the key information received by the communication unit;
generating authentication state information including information on a door that can be unlocked based on the authentication result of the person authentication and the authentication result of the key information when the authentication using the key information is successful;
The unlocking information from the portable electronic device read by the reader device connected to the entrance/exit management device is collated with the authentication status information. unlock the door,
program.

Images