JP7341103B2 - Entrance/exit management method - Google Patents

Description

The present invention relates to an entrance/exit management method.

In recent years, advances in information and communication technology and dramatic improvements in the performance of electronic devices have made it possible to achieve a high level of security for access control systems installed in offices, facilities, and condominiums. There is. This is due to the widespread use of various information and communication technologies and numerous electronic devices.

For example, by automatically determining whether or not a visitor to a company's office or various facilities is a legitimate person who has previously made an appointment with someone at the facility, it can prevent suspicious persons from entering the facility. Systems that ensure security within facilities are widely used.

Patent Document 1 discloses an entry/exit management system that improves security within a facility by comprehensively checking the suitability of visitors to the facility and the visitor's behavior history within the facility.
The technology described in Patent Document 1 registers a visitor identification code given in advance to a person who is planning to visit a facility and facial photo data of the person who is planning to visit the facility in a database within the device. When the prospective visitor visits the facility, the visitor reception device receives the visitor identification code and facial photo data of the visitor, and if the received data matches the data registered in the database. A command for permission to enter the facility is sent to the visitor reception device only when the visitor receives the visitor.

Japanese Patent Application Publication No. 2011-048817

In the entrance/exit management system described in Patent Document 1, in addition to the unique visitor identification code given in advance to the person planning to visit the facility, the suitability of the visit is determined based on the visitor's facial photo data. It is possible to effectively prevent suspicious persons from entering the facility.
However, even if a visitor mistakenly sends a third party's face image, it will be registered in the system, so in such cases, legitimate visitors to the facility may not be able to enter. There was a problem.

In view of the above-mentioned problems, an object of the present invention is to not give permission to enter even if a visitor mistakenly sends a facial image of a third party, but only to authorized visitors who have been registered in advance. The purpose of this invention is to provide an entry/exit management method that can be used to control access.

In order to solve the above problems, for example, the configurations described in the claims are adopted.
The present application includes a plurality of means for solving the above problems, and to give one example, the entry/exit management method of the present invention is an entry/exit management method that includes a visitor terminal, an employee terminal, and a registration server. This is an entry/exit management method using a management device, and includes the following steps (a) to (i).
(a) A step in which the visitor terminal receives a request to send the visitor's face image from the registration server, photographs the visitor's face image, and sends the visitor's face image to the registration server;
(b) a step in which the registration server receives the facial image transmitted from the visitor terminal and determines whether or not the facial image transmitted from the visitor terminal has necessary information;
(c) if the registration server determines that the facial image transmitted from the visitor terminal has all the necessary information, storing the facial image of the visitor received by the registration server in the database of the registration server;
(d) If the registration server determines that the facial image sent from the visitor terminal does not contain necessary information, the registration server notifies the visitor terminal of a request to resend the visitor's facial image. ,
(e) a step in which the visitor terminal receives a request to retransmit the visitor's facial image from the registration server, and retransmits the visitor's facial image to the registration server;
(f) When the employee terminal is notified that the storage of the visitor's face image has been completed from the registration server that stored the visitor's face image, the employee terminal outputs a registration permission inquiry screen on the display screen of the employee terminal, and the visitor a step of determining whether the person is a legitimate visitor ;
(g) If the employee terminal determines that the visitor stored in the database of the registration server is not a visitor who should be registered, the employee terminal will display the visitor's facial image to the visitor terminal. notifying a retransmission request ;
(h) The visitor terminal that receives the request to resend the visitor's facial image from the employee terminal resends the visitor's facial image, and the employee terminal sends the visitor the facial image stored in the database of the registration server. If it is determined that the visitor is a visitor who may be registered, the step of transmitting an instruction to register the visitor's facial image from the employee terminal to the registration server;
(i) A step in which the registration server registers in the database a visitor who has received an instruction to register a face image from the employee terminal as a visitor who may be allowed to pass.

According to the entrance/exit management method of the present invention, it is possible to prevent unauthorized intrusion by a third party, thereby ensuring a higher level of security.
Problems, configurations, and effects other than those described above will be made clear by the following description of the embodiments.

1 is a schematic diagram showing the overall configuration of an entry/exit management system that implements an entry/exit management method according to an embodiment of the present invention. FIG. 3 is a diagram showing a data structure of a face image storage area table used to implement the entrance/exit management method according to the embodiment of the present invention. FIG. 2 is an image diagram of a screen displayed on an employee terminal used to implement the entry/exit management method according to the embodiment of the present invention. 1 is a diagram showing a hardware configuration of a computer device used to implement an entry/exit management method according to an embodiment of the present invention. FIG. 2 is a sequence diagram showing the flow of registration processing in the entry/exit management method according to the embodiment of the present invention.

Hereinafter, an embodiment (hereinafter referred to as "the present example") of an entry/exit management method of the present invention and an entry/exit management device that implements the method will be described in detail with reference to FIGS. 1 to 5.

<Overall configuration of entry/exit control system including entry/exit control device>
FIG. 1 is a schematic diagram showing the overall configuration of an entry/exit management system including an entry/exit management device for a building or the like according to this example.
As shown in FIG. 1, in the entrance/exit control device of this example, registration servers 6 provided at a plurality of sites 1 to 1n such as buildings are connected to a network line 10 via a communication device 9, and a center 11 (described later) It is connected to the history storage server 12 on the side. Note that when referring to a plurality of sites 1 to 1n, such as buildings, collectively, they will be referred to as site 1.

A site 1 such as a building includes a door 2, a camera 3, an employee terminal 4 operated by an employee 5 who manages entry and exit, a registration server 6, and a communication device 9.
The registration server 6 includes a control device 7 and a database (site side) 8. The control device 7 controls a visitor confirmation section 7a, a face image discrimination section 7b, a face image matching confirmation section 7c, a passage permission output section 7d, and a door opening command output section 7e.

The visitor confirmation unit 7a confirms that the e-mail address sent from the visitor terminal 16 matches a pre-registered e-mail address.
The face image determination unit 7b confirms that the data attached to the email address sent from the visitor terminal 16 is face image data that can be authenticated as a face image.
The facial image matching confirmation section 7c confirms whether the facial image confirmed by the facial image discriminating section 7b matches a facial image previously stored in a facial image storage area 8a in the database 8, which will be described later.

The passage permission output unit 7d outputs an identifier indicating that passage may be permitted when the face image of the visitor 17 matched by the face image matching confirmation unit 7c matches the face image of the visitor 17 photographed by the camera 3. Grant. Note that this identifier is stored in an identifier field T7 of the face image storage area 8a, which will be described later with reference to FIG.
Further, the door opening command output unit 7e sends an opening command to the door 2 to open the door 2 when a visitor 17 whose passage is permitted by the passage permission output unit 7d comes to visit.

The database (site side) 8 has storage areas such as a face image storage area 8a, a traffic permit storage area 8b, and a traffic history storage area 8c, and the control device 7 stores and reads information in each of these storage areas. control.
The face image of the visitor 17 sent from the visitor terminal 16 is stored in the face image storage area 8a.

The pass permission storage area 8b stores data indicating that the visitor 17 is a visitor 17 who may be allowed to pass when the pass permit output unit 7d determines that the visitor 17 is a visitor 17 who may be allowed to pass. That is, data including the face image of the visitor 17 sent from the visitor terminal 16 is stored.
Furthermore, the access permission storage area 8b stores areas that can be accessed within the site 1 according to the visitor 17.
A history indicating that the visitor 17 has passed through the door 2 is stored in the passage history storage area 8c.

On the other hand, the history storage server 12 on the center 11 side includes a control device 13 and a database (center side) 14 that stores data such as communication history. The history storage server 12 also includes a communication device 15 for connecting to the network line 10 forming a wide area network.
The control device 13 controls a traffic history collection unit 13a, a traffic history extraction unit 13b, and a database (center side) 14.

The traffic history collection unit 13a collects traffic history data of the visitor 17 sent from the site 1. The traffic history extraction unit 13b stores the traffic history data of the visitor 17 acquired by the traffic history collection unit 13a in the traffic history storage area 14c.

The database (center side) 14 has an IP address storage area 14a, a site name storage area 14b, and a traffic history storage area 14c.
The IP address owned by the site 1 is stored in the IP address storage area 14a.
The name of the site 1 is stored in the site name storage area 14b. The travel history of the visitor 17 collected from the site 1 is stored in the travel history storage area 14c.
The traffic history data stored in the traffic history storage area 14c is the same as the data stored in the traffic history storage area 8c of the database (site side) 8.

It is assumed that a visitor 17 who is planning to visit the site 1 owns a visitor terminal 16 that can be connected to the network line 10.

<Data structure of face image storage area table>
FIG. 2 shows a table of the face image storage area 8a in the database (site side) 8 of FIG.
The face image storage area table has a row number field T1, a name field T2, a sender field T3, an image data field T4, an image data ID field T5, a registration date field T6, and an identifier field T7.

The row number field T1 is a field simply indicating the row number of the table. The name field T2 stores, for example, the name of a company employee who is registered as the visitor 17. Although the names of four people are listed in FIG. 2, it is natural that the names of all visitors 17 are actually stored.
The identification symbol of the visitor terminal 16 owned by the visitor 17 is stored in the transmission source field T3. That is, each visitor 17 has a visitor terminal 16, and the identification symbol of this visitor terminal 16, for example, No. "AAA00001" is stored as the identification symbol of the visitor terminal 16 of the visitor 17.

The face image of the visitor 17 transmitted from the visitor terminal 16 is stored as image data in the image data field T4. No. 1 and no. A face image is stored for visitor 17 of No. 2, but the face image of visitor No. 2 is stored. 3 and no. No facial image is stored for visitor 17 of No. 4. This is No. 3 and no. 4 means that the visitor 17 is not transmitting a facial image from the visitor terminal 16 that he/she owns.

An identification symbol ID assigned to the face image of the visitor 17 is stored in the image data ID field T5. This image data ID will be stored in correspondence with the face image of the visitor 17 whose face image is stored in the image data field T4.

The registration date field T6 stores the year, month, and day that the visitor 17 visited, which is transmitted from the visitor terminal 16. For example, No. For visitor 17 of No. 1, the year, month, and day of visitor 17's visit is stored, such as YYYY/MM/DD (YYYY year MM month DD day). Also, No. 2~No. For visitor 17 of No. 4, the registration date field T6 is blank. Here, No. Visitor 17 of No. 2 is not allowed to be registered because the identifier field T7, which will be described later, is "0", so the registration date field T6 is blank.

On the other hand, No. 3 and no. Since the face image has not been sent from the visitor terminal 16 to visitor 17 of No. 4, the fact that the registration date field T6 is blank means that no determination has been made as to whether or not to register. are doing.

The identifier field T7 stores an identifier for determining whether the visitor 17 is allowed to unlock the door 2 of the site 1 and allow the visitor 17 to pass through. For example, a visitor 17 whose identifier "1" is stored is permitted to pass, and a visitor 17 whose identifier "0" is stored is prohibited. Here, the identifier of "1" or "0" stored in the identifier field T7 is used at the employee terminal 4 when registering the face image of the visitor 17 as the face authentication image of the visitor 17 in the registration server 6. is entered and stored by the employee 5 who operates the .

As shown in FIG. 2, the identifier field T7 contains the number whose registration date is registered in the registration date field T6. Identifier "1" is stored only for visitor 17 of No. 1. 2~No. For the visitor 17 of No. 4, an identifier "0" is stored.

Here, No. The face image of visitor 17 No. 2 is stored in the image data field T4, and the identifier in the identifier field T7 is "0". In other words, No. The visitor 17 of No. 2 was determined by the employee 5 operating the employee terminal 4 to be unable to be registered, so the identifier in the identifier field T7 becomes "0".

On the other hand, No. 3 and no. The identifier "0" is also stored for the visitors 17 of No. 4, but this is because no facial images are stored in the image data field T4. Since the determination of yes has not been made, the identifier in the identifier field T7 is "0".

As described above, in FIG. 2, in addition to distinguishing by identifiers the visitors 17 who are allowed to register and the visitors 17 who are not allowed to be registered, the identifier field T7 includes visitors who have not yet been determined to be able to register or not to be registered. The identifier "0" is also stored for the person 17 for convenience.

Note that providing the identifier field T7 to determine which visitors 17 are allowed to be registered and which visitors 17 are not allowed to be registered is just one example. Without using the identifier field T7 shown in FIG. 2, the face image of the visitor 17 who is allowed to register and the face image of the visitor 17 who is not allowed to be registered are stored separately in an arbitrary storage area of the database 8. Good too.

<Screen image of employee terminal 4>
FIG. 3 shows a screen image displayed on the employee terminal 4.
The selection column G1 is a column for specifying the line number of each visitor 17. As shown in FIG. 3, for example, a black circle is displayed when selected, and a white circle is displayed when not selected.
In the name column G2, the name of the visitor 17 is displayed.
In the image data column G3, the face image of the visitor 17 sent from the visitor terminal 16 is displayed. The employee 5 who manages the entry and exit of the visitor 17 can confirm the visitor 17 by looking at the face image displayed on the employee terminal 4.

The sender field G4 displays the identification symbol of the visitor terminal 16, which is the same as the sender field T3 in FIG.
The registration date field G5 displays the year, month, and day (for example, YYYY/MM/DD) when registration of the visitor 17 was permitted, which is the same as the registration date field T6 in FIG. 2.

Further, at the bottom of the display screen of the employee terminal 4, a delete button G6, a resend button G7, and a registration button G8 are displayed. The delete button G6 is a button for deleting the entire line specified in the selection column G1.
The resend button G7 is pressed when it is determined that the face image of the visitor 17 that has been sent is not a recognizable face image, or when the person is different from the face image stored in the face image storage area 8a. , is a button for requesting retransmission of the face image of the visitor 17 from the employee terminal 4.

Further, the registration button G8 is pressed when the face image of the visitor 17 sent from the visitor terminal 16 matches the person whose face image is stored in the face image storage area 8a, that is, the visitor 17 is legitimate. This button is used to instruct the registration server 6 from the employee terminal 4 to register the visitor 17 when it becomes clear that the visitor 17 is registered.

<Hardware configuration of the entry/exit control device in this example>
FIG. 4 shows the hardware configuration of a computer device that constitutes the registration server 6 shown in FIG.
As shown in FIG. 4, the computer device constituting the registration server 6 of FIG. 1 includes a CPU (Central Processing Unit) 41, a ROM (Read Only Memory) 42, a RAM (Random Access Memory) 43, It is composed of non-volatile storage 44.

The CPU 41 reads from the ROM 42 a program code of software that implements the functions of the registration server 6, and executes arithmetic processing. Variables and the like generated during arithmetic processing performed within the registration server 6 are temporarily written into the RAM 43. The CPU 41 implements the functions of the registration server 6 shown in FIG. 1 by executing program codes recorded in the ROM 42.

The non-volatile storage 44 is composed of a non-volatile memory such as an SSD (Solid State Drive). This nonvolatile storage 44 stores programs, data, etc. necessary for the CPU 41 to operate.

Further, the registration server 6 includes an input section 46 and an output section 47. The face image of the visitor 17 photographed by the visitor terminal 16 is input to the input unit 46 . Furthermore, a face image of the visitor 17 taken by a camera 3 installed within the site 1 is also input.
The output unit 47 outputs authentication data including the facial image stored in the facial image storage area 8a of the registration server 6 to the employee terminal 4.

The registration server 6 also includes a communication interface (communication unit IF) 45. As the communication interface 45, for example, a NIC (Network Interface Card) or the like is used. This communication interface 45 corresponds to the communication device 9 in the registration server 6 of FIG.

<Processing procedure for entry/exit management method>
FIG. 5 is a sequence diagram showing a processing procedure for explaining the entry/exit management method of this example.
The sequence diagram in FIG. 5 shows the transmission and reception of signals between the visitor terminal 16, the registration server 6, and the employee terminal 4.
As shown in FIG. 5, first, the registration server 6 requests the visitor terminal 16 to send a facial image of the visitor 17 (step SB1). The visitor terminal 16 then receives a request to send the face image of the visitor 17 from the registration server 6 (step SA1).

Next, a facial image of the visitor 17 is photographed by the visitor terminal 16, and the visitor terminal 16 attaches the facial image of the visitor 17 to an email and sends it to the registration server 6 (step SA2). The registration server 6 receives the face image attached to the email from the visitor terminal 16 (step SB2), and determines whether or not the face image sent from the visitor terminal 16 has necessary information (step SB2). SB3).

In this step SB3, the registration server 6 uses the face image determination unit 7b to determine whether all the information necessary for face authentication is present. That is, the determination in step SB3 is made, for example, based on whether or not the eyes, mouth, nose, etc. of the visitor 17 can be recognized in the face image of the visitor 17 transmitted from the visitor terminal 16.

Also, to check whether the data of the visitor 17 sent from the visitor terminal 16 is a valid visitor, check whether the e-mail address sent from the visitor terminal 16 matches the e-mail address registered in advance. It is done depending on whether

If it is determined in step SB3 that the transmitted facial image has all the necessary information (YES in step SB3), the registration server 6 stores the received incoming visitor in the facial image storage area 8a of the database (site side) 8. The face image of person 17 is stored (step SB4).
On the other hand, if it is determined in step SB3 that the transmitted facial image does not contain the necessary information (NO in step SB3), the registration server 6 requests the visitor terminal 16 to reproduce the facial image of the visitor 17. Request transmission (step SB5). Then, the visitor terminal 16 receives the facial image retransmission request (step SA3), and transmits the facial image again in step SA2.

The registration server 6, which has stored the face image of the visitor 17 in step SB4, sends a message via the communication device 9 to the employee terminal 4 in the site 1, informing that the storage of the face image of the visitor 17 has been completed. Send an email (step SB6).
Then, the employee terminal 4 receives a notification email indicating that the facial image of the visitor 17 has been stored (step SC1), and outputs a registration permission inquiry screen to the display screen of the terminal (step SC2). Then, the employee terminal 4 receives registration permission for the visitor 17 to determine whether the visitor 17 is a valid visitor (step SC3).

Next, the employee terminal 4 determines whether the visitor 17 whose face image is stored in the face image storage area 8a of the database (site side) 8 of the registration server 6 is a legitimate visitor 17 who may be registered. (Step SC4).
The judgment in step SC4 is whether the face image of the visitor 17 taken by the camera 3 installed near the door 2 of the site 1 matches the face image of the visitor 17 stored in the face image storage area 8a. This is done by

In this step SC4, if the employee terminal 4 determines that the visitor 17 stored in the face image storage area 8a is not a visitor 17 that may be registered (NO in step SC4), the employee terminal 4 sends an e-mail requesting resending of the face image of the visitor 17 to the visitor terminal 16, which is the sender (step SC5).

The visitor terminal 16 accepts the request for retransmission of the facial image in step SC5 from the employee terminal 4 (step SA3), and retransmits the facial image again in step SA2.
Further, in step SC4, if the employee terminal 4 determines that the visitor 17 whose face image is stored in the face image storage area 8a is a visitor 17 that may be registered (YES in step SC4), The employee terminal 4 transmits a registration instruction to the registration server 6 (step SC6).

That is, the registration instruction by the employee terminal 4 in step SC6 is a communication that informs the registration server 6 that the employee terminal 4 has confirmed that the visitor 17 is a correct and legitimate visitor 17.

Note that when the employee 5 who operates the employee terminal 4 instructs the registration server 6 to register the visitor 17, the employee 5 allows the visitor 17 to access the registration server 6. It is preferable to attach a specific area. For example, there are some areas within the company that even employees cannot enter. Furthermore, when the visitor 17 is a visitor, it goes without saying that the accessible area is restricted.

The registration server 6 receives the registration instruction in step SC6 from the employee terminal 4 (step SB7), and determines which visitors 17 may be allowed to pass, for whom the registration instruction was received from the employee terminal 4. , and is registered and saved in the traffic permit storage area 8b (step SB8). As already mentioned, the access permission storage area 8b stores areas within the site 1 that are accessible to the visitor 17 who is permitted to pass.
Then, the registration server 6 transmits to the visitor terminal 16 that the registration of the passage permit for the visitor 17 has been completed (step SB9).

The visitor terminal 16 determines whether there is a retransmission of the facial image (step SA4), and if there is a request for retransmission of the facial image (NO in step SA4), the process of step SA3 and step SA2 is performed. However, if there is no request for retransmission of the face image (YES in step SA4), a registration completion notification is received from the registration server 6 (step SA5), and the process ends.

As explained above, when the visitor 17 visits the site 1, the face of the visitor 17 photographed by the camera 3 is recognized by the employee terminal 4. The employee terminal 4 then sends information about the recognized visitor 17 to the registration server 6. The registration server 6 waits for a registration instruction from the employee terminal 4, allows the visitor 17 to pass through the door 2, and opens the door 2 using the door opening command output section 7e.

Note that the present invention is not limited to the embodiments described above, and includes various modifications. Further, the above-described embodiments have been explained to explain the present invention in an easy-to-understand manner, and the present invention is not necessarily limited to those having all the configurations described, and other configurations may be used as appropriate. It can also be applied to composition.

1 to 1n...site (example: building), 2...door, 3...camera, 4...employee terminal, 5...employee, 6...registration server, 7...control device (site side), 8...database (site side) ), 9... Communication device (site side), 10... Network line, 11... Center, 12... History storage server, 13... Control device (center side), 14... Database (center side), 15... Communication device (center side) ), 16...visitor terminal, 17...visitor

Claims (2)

An entry/exit management method using an entry/exit management device comprising a visitor terminal, an employee terminal, and a registration server, the method comprising:
a step in which a visitor terminal receives a request to send a facial image of a visitor from a registration server, photographs the facial image of the visitor, and transmits the facial image of the visitor to the registration server;
the registration server receiving the facial image transmitted from the visitor terminal and determining whether or not the facial image transmitted from the visitor terminal has necessary information;
If the registration server determines that the facial image transmitted from the visitor terminal has all the necessary information, the registration server stores the facial image of the visitor received in the database of the registration server. step and
If the registration server determines that the face image sent from the visitor terminal does not have necessary information, the registration server requests the visitor terminal to re-send the face image of the visitor. a step of notifying ;
the visitor terminal receiving a retransmission request for the facial image of the visitor from the registration server, retransmitting the facial image of the visitor to the registration server;
The employee terminal, which has been notified by the registration server that has stored the visitor's face image that the storage of the visitor's face image is completed, outputs a registration permission inquiry screen on the display screen of the employee terminal. , a step of determining whether or not the visitor can be registered to determine whether or not the visitor is a legitimate visitor ;
If the employee terminal determines that the visitor stored in the database of the registration server is not a visitor who may be registered, the employee terminal transmits the facial image of the visitor to the visitor terminal. a step of notifying a retransmission request of the
The visitor terminal, which received a request for retransmission of the facial image of the visitor from the employee terminal, retransmits the facial image of the visitor, and the employee terminal stores the facial image in the database of the registration server. If it is determined that the visitor with the facial image is a visitor who may be registered, transmitting an instruction to register the facial image of the visitor from the employee terminal to the registration server;
a step in which the registration server registers the visitor who has been instructed to register the facial image from the employee terminal in the database as a visitor who may be allowed to pass;
Entry/exit control methods including. Confirmation of the visitor with the facial image sent by the employee terminal is performed by using the facial image of the visitor taken with a camera installed near the door of the site where the registration server is located and storing it in the database of the registration server. The entrance/exit management method according to claim 1, wherein the entry/exit management method is performed based on whether or not the facial images of the visitors are matched .

Images