WO2018193887A1 - Communication system, comprehensive communication system, relay system, reception system, communication method, and program - Google Patents


Publication number
WO2018193887A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
communication
mobile terminal
communication system
area
Application number
PCT/JP2018/014845
Other languages
French (fr)
Japanese (ja)
Inventor
昌幸 天野
燕峰 王
松尾 至生
Original Assignee
パナソニックIpマネジメント株式会社
Application filed by パナソニックIpマネジメント株式会社
Publication of WO2018193887A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present disclosure generally relates to a communication system, a comprehensive communication system, a relay system, a reception system, a communication method, and a program. More specifically, the present disclosure relates to a communication system, an integrated communication system, a relay system, a reception system, a communication method, and a program that output information to a reception system.
  • an entrance / exit management system for controlling a user's entry to and exit from a section in a facility is known, and is disclosed in, for example, Patent Document 1.
  • the entrance / exit management system described in Patent Literature 1 includes a card reader and a control device.
  • the card reader is installed near the door of the facility room and is associated with the electric lock.
  • the control device is connected to the card reader and the electric lock.
  • the control device can receive the personal identification information read by the card reader.
  • the control device can control locking and unlocking of the electric lock.
  • the control device determines whether or not the personal identification information read by the card reader has the authority to pass through the door, using the verification information transmitted from the entry / exit management server. Then, when having the authority, the control device performs an unlocking operation of the electric lock corresponding to the card reader that transmitted the personal identification number.
  • the present disclosure has been made in view of the above points, and its objective is to provide a communication system, a comprehensive communication system, a relay system, a reception system, a communication method, and a program capable of reducing the load of communication with the reception system.
  • the communication system includes a first communication unit and a second communication unit.
  • the first communication unit outputs first information, which is encrypted data, to the mobile terminal based on request information from the mobile terminal in the outer area, of the inner area and the outer area of the facility separated by the gate.
  • the second communication unit outputs second information, which is key information for decrypting the first information, to a receiving system capable of communicating with the mobile terminal in the inner area.
  • a comprehensive communication system includes the communication system described above and a relay system.
  • the relay system relays communication between the mobile terminal and the first communication unit provided at the gate.
  • a comprehensive communication system includes the communication system described above and a plurality of reception systems.
  • Each of the plurality of receiving systems is provided in the inner region and acquires the second information from the second communication unit.
  • the relay system is provided at a gate that separates an inner area and an outer area of a facility, and relays communication between the communication system and the mobile terminal.
  • the communication system includes a first communication unit and a second communication unit.
  • the first communication unit outputs first information that is encrypted data to the mobile terminal based on request information from the mobile terminal in the outer area.
  • the second communication unit outputs second information that is key information for decrypting the first information to the receiving system in the inner area.
  • the reception system is provided in the inner area, of the inner area and the outer area of the facility separated by the gate, and receives the second information from the communication system.
  • the communication system includes a first communication unit and a second communication unit.
  • the first communication unit outputs first information, which is encrypted data, to the mobile terminal based on request information from the mobile terminal in the outer area.
  • the second communication unit outputs the second information, which is key information for decrypting the first information, to the receiving system in the inner area.
  • the communication method includes a first step and a second step.
  • the first step is a step of outputting first information, which is encrypted data, to the mobile terminal based on request information from the mobile terminal in the outer area, of the inner area and the outer area of the facility separated by the gate.
  • the second step is a step of outputting second information, which is key information for decrypting the first information, to the receiving system in the inner area.
  • the program according to an aspect of the present disclosure is a program for causing a computer to realize the first function and the second function.
  • the first function is a function of outputting first information, which is encrypted data, to the mobile terminal based on request information from the mobile terminal in the outer area, of the inner area and the outer area of the facility separated by the gate.
  • the second function is a function of outputting second information, which is key information for decrypting the first information, to the receiving system in the inner area.
  • FIG. 1 is a block diagram illustrating a configuration of a communication system and an integrated communication system according to an embodiment of the present disclosure.
  • FIG. 2 is a schematic diagram showing an example of a facility where the integrated communication system is used.
  • FIG. 3 is a schematic diagram showing another example of a facility in which the above integrated communication system is used.
  • FIG. 4 is a sequence diagram showing an example of operations of the communication system and the integrated communication system.
  • the total communication system 100 of this embodiment includes a communication system 1 and a plurality (five in FIG. 1) of reception systems 2.
  • the plurality of receiving systems 2 are all located in the inner area 60, of the inner area 60 and the outer area 61 of the facility 6 separated by the gate 7, and can communicate with the mobile terminal 4 (see FIGS. 2 and 3).
  • the facility 6 is a set (including the site 62) of a plurality of buildings 81 installed on the site 62 such as a factory, a complex commercial facility, a theme park, and the like (see FIG. 2).
  • the gate 7 is installed at, for example, an entrance / exit in the site 62.
  • the facility 6 is a single building 63 such as an office building or an apartment house (see FIG. 3).
  • the gate 7 is installed at the entrance of the building 63.
  • the facility 6 may be, for example, a welfare facility, a hospital, a store, or a detached house.
  • the communication system 1 includes a first communication unit 11 and a second communication unit 12.
  • the first communication unit 11 is configured to output first information that is encrypted data to the mobile terminal 4 based on request information from the mobile terminal 4 in the outer region 61. That is, the mobile terminal 4 can acquire the first information from the first communication unit 11.
  • the mobile terminal 4 is a smartphone, for example, and is owned by the user A1 (see FIG. 2).
  • the user A1 is, for example, an employee who works for the facility 6, or a visitor who visits the facility 6. That is, the first communication unit 11 outputs the first information not to the portable terminal 4 of a user A1 who has already entered the inner area 60 but to the portable terminal 4 in the outer area 61. A user A1 who has entered the inner area 60 of the facility 6 therefore holds the first information.
  • the second communication unit 12 is configured to output the second information, which is key information for decrypting the first information, to the receiving system 2.
  • the key information is, for example, a secret key or a public key. That is, the receiving system 2 can acquire the second information from the second communication unit 12. The receiving system 2 can then decrypt the first information from the portable terminal 4 using this second information.
  • the communication system 1 can cause the reception system 2 to acquire the second information in advance. The receiving system 2 can then decrypt the first information from the portable terminal 4 using the second information acquired previously. That is, in this embodiment, the receiving system 2 does not need to communicate with the communication system 1 when communicating with the mobile terminal 4 and decrypting the first information. For this reason, in this embodiment, for example, when a plurality of receiving systems 2 communicate with a plurality of mobile terminals 4, it is unlikely that signals are transmitted from the plurality of receiving systems 2 to the communication system 1 all at once. Therefore, this embodiment has the advantage that the communication system 1 can reduce the load of communication with the receiving system 2.
  • the total communication system 100 of this embodiment includes a communication system 1, a plurality of (five in FIG. 1) reception systems 2, and one or more (one in FIG. 1) relay systems 3.
  • FIG. 1 shows a portable terminal 4 and a network 5 such as the Internet.
  • one mobile terminal 4 of the two mobile terminals 4 shown in FIG. 1 represents a mobile terminal at the time of communication with the relay system 3, and the other mobile terminal 4 at the time of communication with the reception system 2.
  • in the present embodiment, it is assumed that there are a plurality of mobile terminals 4 instead of only one.
  • the user A1 owns one mobile terminal 4 per person. For this reason, in this embodiment, the case where there are multiple users A1 is assumed.
  • the plurality of receiving systems 2 are provided in each of the plurality of specific areas 8 in the inner area 60.
  • each of the plurality of buildings 81 is the specific region 8.
  • the corridor, the elevator hall, the entrance hall, the room 83 and the like in the building 63 are the specific area 8.
  • one room 83 may be divided into a plurality of specific areas 8.
  • each of the plurality of rooms 83 is the specific area 8.
  • the specific area 8 may be managed by the owner of the facility 6, or may be managed by a business operator (tenant) that leases it from the owner of the facility 6.
  • the plurality of receiving systems 2 are each attached to a wall near the door 82 that serves as an entrance / exit of the plurality of buildings 81.
  • the plurality of receiving systems 2 are attached to the walls near the doors 84 serving as the entrances and exits of the plurality of rooms 83.
  • the position of the receiving system 2 is not limited, and the receiving system 2 only needs to be provided at a position where it can communicate with the mobile terminal 4 in the specific area 8.
  • one or more relay systems 3 are provided in each of one or more gates 7 of the facility 6.
  • a plurality of (here, four) gates 7 are provided at the entrance / exit of the site 62, and a partition 72 is provided between the gates 7.
  • the relay system 3 is attached to each of a plurality of (here, three) partitions 72. That is, the relay system 3 may not correspond to the gate 7 on a one-to-one basis, and may correspond to a plurality of gates 7.
  • a door 73 is provided as a gate 7 at the entrance of the building 63.
  • the relay system 3 is attached to a wall near the door 73. Needless to say, the position of the relay system 3 is not limited, and the relay system 3 may be provided at a position where the relay system 3 can communicate with the mobile terminal 4 in the outer area 61.
  • the communication system 1 includes a first communication unit 11, a second communication unit 12, a processing unit 13, a first storage unit 101, and a second storage unit 102.
  • the communication system 1 is a server.
  • the communication system 1 mainly includes a computer system (including a microcomputer) including a processor and a memory, for example. That is, the computer system functions as the communication system 1 by executing an appropriate program on the processor.
  • the first communication unit 11 acquires request information from the mobile terminal 4 by communicating with the mobile terminal 4 in the outer area 61 via the relay system 3 and the network 5.
  • the first communication unit 11 outputs the acquired request information to the processing unit 13.
  • the request information includes identification information (ID: Identification) of the portable terminal 4 that is the transmission source of the request information (that is, identification information of the user A1).
  • the first communication unit 11 outputs the input first information to the portable terminal 4 via the network 5 and the relay system 3.
  • the first information is data encrypted using key information corresponding to the second information.
  • the first information is encrypted using the common key.
  • the first information is encrypted using a secret key.
  • the first information includes the identification information of the mobile terminal 4 that is the transmission source of the request information, the access authority, and the electronic signature.
  • an expiration date such as an output date is set in the first information.
  • the processing unit 13 sets an expiration date in the first information when creating the first information as will be described later. Therefore, for example, when the expiration date of the first information is exceeded, the first information becomes invalid.
  • when the expiration date of the first information is exceeded, the authentication of the first information fails in the receiving system 2, so that the user A1 cannot enter the specific area 8 even if he has access authority.
  • the first communication unit 11 has an acquisition unit 111.
  • the acquisition unit 111 is configured to acquire the third information from the mobile terminal 4 by communicating with the mobile terminal 4 in the inner region 60 via the relay system 3 and the network 5.
  • the acquisition unit 111 acquires the third information by communicating with the mobile terminal 4 when the user A1 passes through the gate 7 and leaves the outer region 61.
  • the acquisition unit 111 outputs the acquired third information to the processing unit 13.
  • the third information is associated with each of the plurality of specific areas 8 in the inner area 60.
  • the third information includes, for example, information such as the date and time when authentication with the mobile terminal 4 was performed, and the attributes of the specific area 8 (for example, the room number if the specific area 8 is the room 83). That is, the third information includes information regarding the specific area 8 where the user A1 has entered.
  • the third information is created and output to the mobile terminal 4. That is, there are a plurality of receiving systems 2, and each of them is provided in a plurality of specific areas 8. Then, the third information is output from each of the plurality of receiving systems 2 to the mobile terminal 4. In other words, the mobile terminal 4 is configured to acquire the third information in one or more specific areas 8 of the plurality of specific areas 8.
  • when the second information is input from the processing unit 13, the second communication unit 12 outputs the second information to the reception system 2 by communicating with the reception system 2 in the inner region 60 via the network 5.
  • the second information is key information for decrypting the first information.
  • the second information is a common key.
  • the second information output to the receiving system 2 is the same as the common key that the communication system 1 has.
  • when the public key cryptosystem is adopted, the second information is a public key. In this case, the public key that is the second information output to the receiving system 2 and the secret key that the communication system 1 has are different from each other.
  • the second information is updated every predetermined time (for example, in the morning, one day, one week), for example, and output from the communication system 1 to the plurality of receiving systems 2.
  • the update of the second information is automatically performed, for example, when the processor of the communication system 1 executes a program stored in the memory.
  • the update of the second information may be performed manually by an administrator of the communication system 1 or the like, for example.
  • the connection between the first communication unit 11 and each of the one or more relay systems 3 may be, for example, a wired connection, a wireless connection, or a connection via a repeater or the like.
  • the connection between the second communication unit 12 and each of the plurality of reception systems 2 may be, for example, a wired connection, a wireless connection, or a connection via a repeater.
  • when the request information from the mobile terminal 4 is input, the processing unit 13 performs authentication of the identification information included in the request information. Specifically, the processing unit 13 checks the identification information against a list of identification information for the plurality of portable terminals 4 stored in the first storage unit 101 (that is, a list of identification information about the plurality of users A1). If the identification information of the transmission source portable terminal 4 is included in the list, the processing unit 13 determines that the authentication is successful, and creates the first information by encrypting data that includes the identification information of the transmission source portable terminal 4, the corresponding access authority, and the electronic signature. Then, the processing unit 13 transmits the first information from the first communication unit 11 to the mobile terminal 4 that is the transmission source.
  • the processing unit 13 is configured to execute authentication of the identification information, and output the first information from the first communication unit 11 to the mobile terminal 4 that is the transmission source of the request information when the authentication is successful.
  • the processing unit 13 determines that the authentication has failed, and transmits, for example, notification information indicating that the authentication has failed from the first communication unit 11 to the portable terminal 4 that is the transmission source.
  • the first storage unit 101 and the second storage unit 102 each include a rewritable nonvolatile memory such as an EEPROM (Electrically Erasable Programmable Read-Only Memory).
  • the first storage unit 101 stores a database in which identification information about a plurality of mobile terminals 4 and access authority are associated with each other.
  • the second storage unit 102 stores a database of second information about the plurality of receiving systems 2.
  • the receiving system 2 is provided in the inner region 60 and includes a communication unit 21 and an authentication unit 22.
  • the communication unit 21 receives the second information from the communication system 1 by communicating with the second communication unit 12 of the communication system 1 via the network 5.
  • the communication unit 21 outputs the received second information to the authentication unit 22. That is, the receiving system 2 is provided in the inner region 60, of the inner region 60 and the outer region 61 of the facility 6 separated by the gate 7, and receives the second information from the communication system 1.
  • the communication unit 21 acquires the first information from the mobile terminal 4 by performing wireless communication with the mobile terminal 4 in the inner region 60.
  • the communication unit 21 outputs the acquired first information to the authentication unit 22.
  • the method of wireless communication with the portable terminal 4 is short-range wireless communication such as Bluetooth (registered trademark) or NFC (Near Field Communication).
  • the wireless communication method may be, for example, Wi-Fi (registered trademark) or specific low-power wireless communication.
  • the communication unit 21 of the receiving system 2 acquires the first information from the portable terminal 4 by performing wireless communication with the portable terminal 4 when the user A1 holds the portable terminal 4 over the card reader.
  • the authentication unit 22 is mainly composed of a computer system (including a microcomputer) including a processor and a memory, for example. That is, the computer system functions as the authentication unit 22 by executing an appropriate program on the processor.
  • the authentication unit 22 stores the second information input from the communication unit 21. Further, when the first information is input from the communication unit 21, the authentication unit 22 performs authentication of the first information. Specifically, the authentication unit 22 decrypts the first information using the second information stored in advance. And the authentication part 22 test
  • the authentication unit 22 determines that the authentication is successful, and outputs a permission signal from the communication unit 21 to the opening / closing device 23. On the other hand, if at least one of the identification information, the access authority, and the electronic signature is invalid, the authentication unit 22 determines that the authentication has failed and, for example, transmits notification information indicating that the authentication has failed from the communication unit 21 to the portable terminal 4 that is the transmission source.
  • the opening / closing device 23 is a device that opens and closes the doors 82 and 84 provided in the specific area 8.
  • the door here may be either a hinged door type or a sliding door type.
  • the opening / closing device 23 may open and close the doors 82 and 84 formed of automatic doors, or may be able to open and close the doors by unlocking electric locks provided on the doors 82 and 84.
  • the opening / closing device 23 opens the doors 82 and 84. As a result, the user A1 can enter the specific area 8.
  • when the user A1 enters the specific area 8 or when a certain time has elapsed since the opening / closing device 23 opened the doors 82 and 84, the authentication unit 22 outputs a closing signal from the communication unit 21 to the opening / closing device 23.
  • the opening / closing device 23 closes the doors 82 and 84 when receiving the closing signal from the receiving system 2.
  • the opening / closing device 23 may be included in the reception system 2 or may be a separate body from the reception system 2. In FIGS. 2 and 3, the opening / closing device 23 is not shown.
  • the receiving system 2 is an entrance / exit management system that is provided in each of the plurality of specific areas 8 in the inner area 60 and manages entry and exit of the user A1 to the corresponding specific area 8.
  • the receiving system 2 is also a lock management system that is provided in each of the plurality of doors 82 and 84 in the inner region 60 and manages locking and unlocking of the corresponding doors 82 and 84.
  • the first information includes the access authority as information regarding whether to enter and leave the corresponding specific area 8 and information about whether the corresponding doors 82 and 84 can be locked and unlocked.
  • the relay system 3 is provided in the gate 7 and acquires request information from the mobile terminal 4 by wireless communication with the mobile terminal 4 in the outer area 61. Then, the relay system 3 outputs the acquired request information to the communication system 1 by communicating with the communication system 1. That is, the relay system 3 is provided in the gate 7 that separates the inner region 60 and the outer region 61 of the facility 6 and relays communication between the communication system 1 and the portable terminal 4.
  • the method of wireless communication with the portable terminal 4 is short-range wireless communication such as Bluetooth (registered trademark) and NFC, for example, as with the receiving system 2.
  • the wireless communication method may be, for example, Wi-Fi (registered trademark) or specific low-power wireless communication.
  • when the relay system 3 includes a beacon terminal, the relay system 3 continuously or intermittently transmits a beacon toward a predetermined area around the gate 7, for example.
  • when the mobile terminal 4 enters a predetermined area and receives a beacon, the mobile terminal 4 transmits request information to the relay system 3. That is, in this case, the user A1 can output request information to the communication system 1 via the relay system 3 only by entering a predetermined area of the gate 7.
  • when the relay system 3 is configured by a non-contact card reader, the relay system 3 acquires the first information from the portable terminal 4 by wirelessly communicating with the mobile terminal 4 when the user A1 holds the mobile terminal 4 over the card reader. That is, in this case, the user A1 can output request information to the communication system 1 via the relay system 3 by holding the portable terminal 4 over a card reader installed at the gate 7.
  • the relay system 3 outputs the first information to the mobile terminal 4 that is the transmission source of the request information.
  • the relay system 3 provided in the gate 7.
  • the portable terminal 4 is a portable information terminal such as a smartphone.
  • the mobile terminal 4 is mainly composed of a computer system (including a microcomputer) having a processor and a memory, for example.
  • the portable terminal 4 functions as a communication device with at least the receiving system 2 and the relay system 3 (the communication system 1 when there is no relay system 3) by installing dedicated application software and starting the application software. That is, the mobile terminal 4 is configured to be able to communicate with the reception system 2 and the relay system 3 using the above-described wireless communication method.
  • the mobile terminal 4 is assigned identification information.
  • the identification information is information unique to the mobile terminal 4 and is information for identifying each mobile terminal 4. That is, the identification information is also information for identifying the user A1 who owns the mobile terminal 4.
  • the identification information is stored in a storage unit such as a nonvolatile memory of the mobile terminal 4, for example. Further, when the first information is acquired from the communication system 1, the acquired first information is stored in the storage unit of the mobile terminal 4. In addition, when the third information is acquired from the reception system 2, the acquired third information is stored in the storage unit of the mobile terminal 4.
  • the second communication unit 12 of the communication system 1 outputs the second information to the receiving system 2, for example before opening of the plant
  • the facility 6 is opened, and the user A1 who owns the portable terminal 4 arrives at the gate 7 (step S102).
  • the portable terminal 4 outputs request information with the transmission destination as the communication system 1 (step S103).
  • the first communication unit 11 of the communication system 1 acquires request information from the mobile terminal 4 via the relay system 3.
  • the processing unit 13 of the communication system 1 performs the authentication of the identification information contained in the request information of the portable terminal 4 (step S104). If the authentication is successful, the processing unit 13 outputs the first information from the first communication unit 11 to the mobile terminal 4 (step S105). Thereafter, the mobile terminal 4 stores the first information acquired from the communication system 1.
  • the user A1 passes through the gate 7 and enters the inner area 60, and arrives at the specific area 8 where the user A1 has access authority (step S106).
  • the portable terminal 4 outputs the first information to the receiving system 2 (step S107).
  • the authentication unit 22 performs authentication of the first information of the portable terminal 4 using the second information (step S108). If the authentication is successful, the authentication unit 22 outputs a permission signal to the opening / closing device 23 (step S109). Then, the doors 82 and 84 are opened by the opening / closing device 23, so that the user A1 can enter the specific area 8 having the access authority.
  • the receiving system 2 outputs the third information to the mobile terminal 4 after successful authentication (step S110). Therefore, when the user A1 enters one or more specific areas 8, the mobile terminal 4 stores the third information every time the user A1 enters one or more specific areas 8.
  • the third information is used for grasping the behavior of the user A1.
  • the mobile terminal 4 acquires one or more third information corresponding to each of the one or more specific areas 8 when the user A1 visits the one or more specific areas 8.
  • the acquisition unit 111 of the communication system 1 communicates with the portable terminal 4 via the relay system 3 and the network 5, and acquires one or more pieces of third information from the portable terminal 4.
  • the one or more pieces of third information are information relating to one or more specific areas 8, respectively.
  • the administrator of the communication system 1 can grasp the history of one or more specific areas 8 visited by the user A1, in other words, the behavior of the user A1, by referring to the one or more pieces of third information acquired from the mobile terminal 4.
  • the one or more pieces of third information acquired by the communication system 1 may be associated with the identification information of the mobile terminal 4 (that is, the identification information of the user A1) and stored in the database.
  • an expiration date may be set in the third information.
  • the portable terminal 4 may be comprised so that 1st information may be invalidated when the expiration date of the memorize
  • the expiration date of the third information is preferably invalidated when authentication in the next specific area 8 is successful.
  • the above embodiment is merely one of various embodiments of the present disclosure.
  • the above embodiment can be variously modified according to the design and the like as long as the object of the present disclosure can be achieved.
  • the function similar to the communication system 1 may be embodied by a communication method, a computer program, or a non-transitory recording medium storing the program.
  • the communication method includes a first step and a second step.
  • The first step is a step of outputting first information, which is encrypted data, to the mobile terminal 4 based on request information from the mobile terminal 4 in the outer area 61, of the inner area 60 and the outer area 61 of the facility 6 separated by the gate 7.
  • the second step is a step of outputting second information, which is key information for decrypting the first information, to the receiving system 2 in the inner area 60.
  • the first step and the second step are in no particular order. That is, the first step may be executed before the second step, or the second step may be executed before the first step.
  • The computer program is a program for causing a computer to realize a first function and a second function.
  • The first function is a function of outputting first information, which is encrypted data, to the mobile terminal 4 based on request information from the mobile terminal 4 in the outer area 61, of the inner area 60 and the outer area 61 of the facility 6 separated by the gate 7.
  • the second function is a function of outputting second information, which is key information for decrypting the first information, to the receiving system 2 in the inner area 60.
  • the execution subject of the communication system 1 or the communication method in the present disclosure includes a computer system.
  • the computer system mainly includes a processor and a memory as hardware.
  • When the processor executes the program recorded in the memory of the computer system, the function as the execution subject of the communication system 1 or the communication method in the present disclosure is realized.
  • the program may be recorded in advance in the memory of the computer system. Further, the program may be provided through an electric communication line, or may be provided by being recorded on a non-transitory recording medium such as a memory card, an optical disk, or a hard disk drive that can be read by a computer system.
  • a processor of a computer system includes one or more electronic circuits including a semiconductor integrated circuit (IC) or a large scale integrated circuit (LSI).
  • the plurality of electronic circuits may be integrated on one chip, or may be distributed on the plurality of chips.
  • the plurality of chips may be integrated into one device, or may be distributed and provided in a plurality of devices.
  • The integrated communication system 100 includes the communication system 1, the reception system 2, and the relay system 3, but the reception system 2 and the relay system 3 are not indispensable components of the integrated communication system 100. That is, the integrated communication system 100 only needs to include the communication system 1, and at least one of the reception system 2 and the relay system 3 may be omitted from the components of the integrated communication system 100. In other words, the integrated communication system 100 may include the communication system 1 and the reception system 2 but not the relay system 3.
  • the comprehensive communication system 100 may include the communication system 1 and the relay system 3 except for the reception system 2.
  • the communication system 1 is realized by one system, but may be realized by two or more systems.
  • the functions of the first communication unit 11 and the second communication unit 12 may be distributed and provided in two systems.
  • the functions of the first communication unit 11, the second communication unit 12, the processing unit 13, the first storage unit 101, and the second storage unit 102 may be distributed in two or more systems.
  • The functions of the first communication unit 11, the second communication unit 12, the processing unit 13, the first storage unit 101, and the second storage unit 102 may be provided in one device that can be accommodated in one housing, or may be distributed among a plurality of devices.
  • at least a part of the functions of the communication system 1 may be realized by, for example, cloud (cloud computing).
  • the first communication unit 11 of the communication system 1 is configured to acquire request information from the mobile terminal 4 in the outer region 61, but the present invention is not limited to this.
  • the first communication unit 11 may acquire request information from the mobile terminal 4 at the gate 7 when the user A1 who owns the mobile terminal 4 enters the gate 7.
  • the first communication unit 11 of the communication system 1 may output the third information when outputting the first information to the mobile terminal 4 that is the transmission source of the request information. That is, in this case, the gate 7 also becomes the specific region 8.
  • the user A1 tries to enter the next specific area 8 after passing through the gate 7, if the user A1 goes to the next specific area 8 while taking a detour, the first specific information 8 is stored in the next specific area 8. The user cannot enter the next specific area 8 without being authenticated. That is, in this case, there is an advantage that the user A1 can be prompted to go to the specific area 8 without taking a detour.
  • Since the receiving system 2 authenticates the first information using the second information, the second communication unit 12 of the communication system 1 preferably outputs the second information before the user A1 passes through the gate 7, so that the receiving system 2 stores the second information in advance.
  • the facility 6 is a facility to which a user A1 (employee) belongs, such as a factory, an office building, or a theme park
  • The second communication unit 12 preferably outputs the second information before starting the facility 6.
  • The second communication unit 12 only needs to output the second information to the reception system 2 corresponding to the specific area 8 before the user A1 reaches the specific area 8.
  • The authentication unit 22 of the reception system 2 executes authentication by checking whether the identification information, access authority, and electronic signature of the mobile terminal 4 included in the decrypted first information are valid, but the authentication is not limited to this.
  • the authentication unit 22 may perform authentication of the first information depending on whether or not the first information can be decrypted using at least the second information. In this case, the authentication unit 22 determines that the authentication has succeeded if the first information can be decrypted, and determines that the authentication has failed if the first information cannot be decrypted.
  • the reception system 2 creates the third information and outputs it to the mobile terminal 4, but the present invention is not limited to this.
  • the receiving system 2 may be configured to output a signal requesting the third information to the communication system 1 when the first information is successfully authenticated.
  • When the communication system 1 receives the signal from the reception system 2, it creates third information corresponding to the reception system 2 (in other words, the specific area 8) and sends the created third information to the reception system 2.
  • When the receiving system 2 acquires the third information from the communication system 1, it may output the acquired third information to the mobile terminal 4 that is the transmission source of the first information.
  • the receiving system 2 is a lock management system and an entry / exit management system, but the present invention is not limited to this.
  • the receiving system 2 may be configured only with a lock management system, or may be configured only with an entry / exit management system.
  • the relay system 3 may be configured to manage entry and exit from the gate 7 to the inner area 60 based on request information from the mobile terminal 4. For example, when the relay system 3 receives the request information from the mobile terminal 4 and relays the first information to the mobile terminal 4, the user A1 who owns the mobile terminal 4 moves from the gate 7 to the inner region 60. It is determined to enter, and the determination result is stored. In this way, the relay system 3 can manage the user A1 who has entered the inner area 60 from the gate 7.
  • the mobile terminal 4 communicates with the communication system 1 via the relay system 3 and the network 5, but the present invention is not limited to this.
  • the mobile terminal 4 may be configured to communicate with the communication system 1 via the network 5 instead of via the relay system 3.
  • The user A1 can also obtain the first information by communicating with the communication system 1 via the network 5 using the mobile terminal 4 before arriving at the gate 7 (for example, while on a train used for commuting).
  • the mobile terminal 4 is connected to the network 5 via, for example, a mobile phone network (carrier network) provided by a communication carrier.
  • The mobile phone network includes, for example, a 3G (third generation) line, an LTE (Long Term Evolution) line, and the like.
  • the mobile terminal 4 may be connected to the network 5 via, for example, a public wireless LAN (Local Area Network).
  • the mobile terminal 4 is a smartphone, but the present invention is not limited to this.
  • the portable terminal 4 may be a tablet terminal or a personal computer, for example.
  • The mobile terminal 4 may be a wearable terminal, such as a key holder type, employee card type, name tag type, glasses type, or watch type terminal, that is worn directly by the user A1 or attached to a belonging of the user A1 such as a bag.
  • the communication system (1) includes the first communication unit (11) and the second communication unit (12).
  • The first communication unit (11) outputs first information, which is encrypted data, to the mobile terminal (4) based on request information from the mobile terminal (4) in the outer region (61), of the inner region (60) and the outer region (61) of the facility (6) separated by the gate (7).
  • The second communication unit (12) outputs second information, which is key information for decrypting the first information, to the receiving system (2) that can communicate with the mobile terminal (4) in the inner area (60).
  • The communication system (1) outputs the first information to the mobile terminal (4) and outputs the second information to the receiving system (2).
  • Since the receiving system (2) already stores the second information when decrypting the first information, it can decrypt the first information from the mobile terminal (4) without communicating with the communication system (1). Therefore, according to this aspect, even when there are a large number of users (A1) who own the mobile terminal (4), a situation in which the plurality of receiving systems (2) simultaneously request the second information from the communication system (1) and communication traffic increases rapidly does not arise. That is, according to this aspect, there is an advantage that the load on the communication system (1) of communicating with the receiving system (2) can be reduced compared with the case where the receiving system (2) communicates with the communication system (1) whenever it communicates with the mobile terminal (4).
  • the relay system (3) provided in the gate (7).
  • Even if the portable terminal (4) cannot communicate directly with the communication system (1), it can communicate with the communication system (1) via the relay system (3). Therefore, according to this aspect, there is an advantage that the degree of freedom of the communication system of the portable terminal (4) improves.
  • the communication system (1) further includes a processing unit (13) in the first or second aspect.
  • the request information includes identification information of the mobile terminal (4) that is the transmission source of the request information.
  • The processing unit (13) executes authentication of the identification information. The processing unit (13) is configured to output, when the authentication is successful, the first information from the first communication unit (11) to the mobile terminal (4) that is the transmission source of the request information.
  • Since the first information is output after confirming whether or not the mobile terminal (4) that is the transmission source of the request information is reliable, output of the first information to an unrelated third party such as a suspicious person can be prevented.
  • an expiration date is set in the first information.
  • a third party such as a suspicious person can be prevented from entering the specific area (8) without the access authority using the first information acquired by some method in the past.
  • The third information is associated with each of the plurality of specific areas (8) in the inner area (60).
  • the mobile terminal (4) is configured to acquire the third information in one or more specific areas (8) of the plurality of specific areas (8).
  • the user (A1) who has acquired the third information in any specific area (8) does not detour and moves to the next specific area 8.
  • the communication system (1) according to the sixth aspect further includes an acquisition unit (111) that acquires third information from the mobile terminal (4) in the inner region (60).
  • the communication system (1) according to the seventh aspect there are a plurality of receiving systems (2), each provided in a plurality of specific areas (8).
  • the third information is output from each of the plurality of receiving systems (2) to the mobile terminal (4).
  • Each of the plurality of receiving systems (2) can output the third information to the mobile terminal (4) without communicating with the communication system (1). Therefore, according to this aspect, there is an advantage that outputting the third information to the mobile terminal (4) is unlikely to increase the communication load between the communication system (1) and the reception system (2).
  • The reception system (2) is an entry/exit management system that is provided in each of the plurality of specific areas (8) in the inner area (60) and manages entry to and exit from the corresponding specific area (8).
  • The first information includes information on whether entry to and exit from the corresponding specific area (8) are permitted.
  • The reception system (2) is a lock management system that is provided for each of the plurality of doors (82, 84) in the inner region (60) and manages the locking and unlocking of the corresponding doors (82, 84).
  • The first information includes information regarding whether or not the corresponding door (82, 84) can be locked and unlocked.
  • The relay system (3) is configured to manage entry and exit from the gate (7) to the inner area (60) based on the request information.
  • the integrated communication system (100) according to the eleventh aspect includes the communication system (1) according to any one of the first to tenth aspects and the relay system (3).
  • the relay system (3) is provided in the gate (7) and relays communication between the portable terminal (4) and the first communication unit (11).
  • the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4).
  • the integrated communication system (100) includes the communication system (1) according to any one of the first to tenth aspects and a plurality of reception systems (2).
  • the plurality of receiving systems (2) are provided in the inner region (60), respectively, and acquire the second information from the second communication unit (12).
  • the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4).
  • The relay system (3) is provided at the gate (7) separating the inner area (60) and the outer area (61) of the facility (6), and relays communication between the communication system (1) and the mobile terminal (4).
  • The communication system (1) includes a first communication unit (11) and a second communication unit (12).
  • The first communication unit (11) outputs first information, which is encrypted data, to the mobile terminal (4) based on request information from the mobile terminal (4) in the outer area.
  • the second communication unit (12) outputs second information, which is key information for decrypting the first information, to the receiving system (2) in the inner area (60).
  • the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4).
  • The reception system (2) is provided in the inner region (60), of the inner region (60) and the outer region (61) of the facility (6) separated by the gate (7), and receives the second information from the communication system (1).
  • The communication system (1) includes a first communication unit (11) and a second communication unit (12).
  • The first communication unit (11) outputs first information, which is encrypted data, to the mobile terminal (4) based on request information from the mobile terminal (4) in the outer area.
  • the second communication unit (12) outputs second information, which is key information for decrypting the first information, to the receiving system (2) in the inner area (60).
  • the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4).
  • the communication method includes a first step and a second step.
  • the first step is based on request information from the mobile terminal (4) in the outer area (61) of the inner area (60) and outer area (61) of the facility (6) separated by the gate (7). It is a step of outputting first information which is encrypted data to the portable terminal (4).
  • the second step is a step of outputting second information that is key information for decrypting the first information to the receiving system (2) in the inner area (60).
  • the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4).
  • the program according to the sixteenth aspect is a program for causing a computer to realize the first function and the second function.
  • the first function is based on request information from the portable terminal (4) in the outer area (61) of the inner area (60) and the outer area (61) of the facility (6) separated by the gate (7). This is a function for outputting first information that is encrypted data to the portable terminal (4).
  • the second function is a function of outputting second information, which is key information for decrypting the first information, to the receiving system (2) in the inner area (60).
  • the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4).
  • the configurations according to the second to tenth aspects are not essential to the communication system (1) and can be omitted as appropriate.
  • various configurations (including modifications) of the communication system 1 according to the embodiment can be appropriately realized by a communication method and a (computer) program.

Abstract

The present disclosure addresses the problem of reducing the load of communication with a reception system. A communication system (1) is provided with a first communication unit (11) and a second communication unit (12). The first communication unit (11) outputs first information, which is encoded data, to a portable terminal (4) on the basis of request information from the portable terminal (4) located in an outside region from among the outside region and an inside region of a facility separated by a gate. The second communication unit (12) outputs second information, which is key information for decoding the first information, to a reception system (2) that can communicate with the portable terminal (4) located in the inside region.

Description

COMMUNICATION SYSTEM, GENERAL COMMUNICATION SYSTEM, RELAY SYSTEM, RECEPTION SYSTEM, COMMUNICATION METHOD, AND PROGRAM
The present disclosure generally relates to a communication system, an integrated communication system, a relay system, a reception system, a communication method, and a program. More specifically, the present disclosure relates to a communication system, an integrated communication system, a relay system, a reception system, a communication method, and a program that output information to a reception system.
Conventionally, an entrance/exit management system that controls a user's entry into or exit from a section in a facility is known, and is disclosed in, for example, Patent Document 1. The entrance/exit management system described in Patent Document 1 includes a card reader and a control device. The card reader is installed near the door of a room in the facility and is associated with an electric lock. The control device is connected to the card reader and the electric lock. The control device can receive the personal identification information read by the card reader. The control device can also control locking and unlocking of the electric lock.
The control device uses verification information transmitted from an entry/exit management server to determine whether the personal identification information read by the card reader carries the authority to pass through the door. If it does, the control device unlocks the electric lock corresponding to the card reader that transmitted the personal identification number.
In the entrance/exit management system described in Patent Document 1, when, for example, a plurality of users hold IC cards (mobile terminals) over a plurality of card readers (reception systems) all at once, personal identification information is transmitted to the control device (communication system) in a concentrated burst. In such a case, the load on the communication system of communicating with the reception systems may become excessive.
JP 2013-140517 A
The present disclosure has been made in view of the above points, and aims to provide a communication system, an integrated communication system, a relay system, a reception system, a communication method, and a program capable of reducing the load of communication with a reception system.
A communication system according to an aspect of the present disclosure includes a first communication unit and a second communication unit. The first communication unit outputs first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal in the outer area, of an inner area and an outer area of a facility separated by a gate. The second communication unit outputs second information, which is key information for decrypting the first information, to a reception system capable of communicating with the mobile terminal in the inner area.
An integrated communication system according to an aspect of the present disclosure includes the communication system described above and a relay system. The relay system is provided at the gate and relays communication between the mobile terminal and the first communication unit.
An integrated communication system according to an aspect of the present disclosure includes the communication system described above and a plurality of reception systems. Each of the plurality of reception systems is provided in the inner area and acquires the second information from the second communication unit.
A relay system according to an aspect of the present disclosure is provided at a gate that separates an inner area and an outer area of a facility, and relays communication between a communication system and a mobile terminal. The communication system includes a first communication unit and a second communication unit. The first communication unit outputs first information, which is encrypted data, to the mobile terminal based on request information from the mobile terminal in the outer area. The second communication unit outputs second information, which is key information for decrypting the first information, to a reception system in the inner area.
A reception system according to an aspect of the present disclosure is provided in the inner area, of an inner area and an outer area of a facility separated by a gate, and receives second information from a communication system. The communication system includes a first communication unit and a second communication unit. The first communication unit outputs first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal in the outer area. The second communication unit outputs the second information, which is key information for decrypting the first information, to the reception system in the inner area.
A communication method according to an aspect of the present disclosure includes a first step and a second step. The first step is a step of outputting first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal in the outer area, of an inner area and an outer area of a facility separated by a gate. The second step is a step of outputting second information, which is key information for decrypting the first information, to a reception system in the inner area.
A program according to an aspect of the present disclosure is a program for causing a computer to realize a first function and a second function. The first function is a function of outputting first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal in the outer area, of an inner area and an outer area of a facility separated by a gate. The second function is a function of outputting second information, which is key information for decrypting the first information, to a reception system in the inner area.
FIG. 1 is a block diagram illustrating a configuration of a communication system and an integrated communication system according to an embodiment of the present disclosure.
FIG. 2 is a schematic diagram showing an example of a facility in which the integrated communication system is used.
FIG. 3 is a schematic diagram showing another example of a facility in which the integrated communication system is used.
FIG. 4 is a sequence diagram showing an example of operations of the communication system and the integrated communication system.
(1) Overview
An overview of the communication system 1 and the integrated communication system 100 according to the embodiment is given below with reference to FIGS. 1 to 3. The integrated communication system 100 of this embodiment includes the communication system 1 and a plurality of (five in FIG. 1) reception systems 2. The plurality of reception systems 2 are all located in the inner area 60, of the inner area 60 and the outer area 61 of the facility 6 separated by the gate 7, and can communicate with the mobile terminal 4 (see FIGS. 2 and 3). Here, the facility 6 is, for example, a set of a plurality of buildings 81 installed on a site 62 (including the site 62), such as a factory, a complex commercial facility, or a theme park (see FIG. 2). In this case, the gate 7 is installed at, for example, an entrance/exit of the site 62. Alternatively, the facility 6 is a single building 63 such as an office building or an apartment house (see FIG. 3). In this case, the gate 7 is installed at the entrance of the building 63. In addition, the facility 6 may be, for example, a welfare facility, a hospital, or a store, or may be a detached house or the like.
The communication system 1 includes a first communication unit 11 and a second communication unit 12. The first communication unit 11 is configured to output first information, which is encrypted data, to the mobile terminal 4 on the basis of request information from the mobile terminal 4 located in the outer area 61. That is, the mobile terminal 4 can acquire the first information from the first communication unit 11.
The mobile terminal 4 is, for example, a smartphone and is owned by a user A1 (see FIG. 2). The user A1 is, for example, an employee who works at the facility 6 or a visitor to the facility 6. That is, the first communication unit 11 is configured to output the first information not to the mobile terminal 4 of a user A1 who has already entered the inner area 60 of the facility 6, but to the mobile terminal 4 of a user A1 who is about to enter the inner area 60 of the facility 6. A user A1 who has entered the inner area 60 of the facility 6 therefore holds the first information.
The second communication unit 12 is configured to output second information, which is key information for decrypting the first information, to the receiving system 2. Here, the key information is, for example, a secret key or a public key. That is, the receiving system 2 can acquire the second information from the second communication unit 12, and it can use this second information to decrypt the first information received from the mobile terminal 4.
As described above, in this embodiment the communication system 1 can have the receiving system 2 acquire the second information in advance. The receiving system 2 can then decrypt the first information from the mobile terminal 4 using the second information it has already acquired. That is, in this embodiment, the receiving system 2 does not need to communicate with the communication system 1 when it communicates with the mobile terminal 4 and decrypts the first information. Consequently, when, for example, a plurality of receiving systems 2 each communicate with a plurality of mobile terminals 4, a situation in which signals from the plurality of receiving systems 2 are sent to the communication system 1 all at once is unlikely to arise. This embodiment therefore has the advantage that the communication system 1 can reduce the load of communication with the receiving systems 2.
(2) Details
The communication system 1 and the integrated communication system 100 according to this embodiment are described in detail below with reference to FIGS. 1 to 3. The integrated communication system 100 of this embodiment includes the communication system 1, a plurality of (five in FIG. 1) receiving systems 2, and one or more (one in FIG. 1) relay systems 3. In addition to these, FIG. 1 shows the mobile terminal 4 and a network 5 such as the Internet.
FIG. 1 shows two mobile terminals 4, but these are the same terminal, owned by a single user A1. That is, of the two mobile terminals 4 shown in FIG. 1, one represents the mobile terminal at the time it communicates with the relay system 3, and the other represents the mobile terminal at the time it communicates with the receiving system 2. This embodiment assumes that there is not just one mobile terminal 4 but a plurality of them. Each user A1 owns one mobile terminal 4, so this embodiment assumes a plurality of users A1. In particular, this embodiment assumes several thousand to several tens of thousands of users A1, but this is not intended to limit the number of users A1 covered by the communication system 1 and the integrated communication system 100.
In this embodiment, the plurality of receiving systems 2 are provided in respective ones of a plurality of specific areas 8 within the inner area 60. For example, when the facility 6 is a factory as shown in FIG. 2, road intersections, open spaces, buildings 81 and the like within the factory serve as the specific areas 8. In the example shown in FIG. 2, each of the plurality of buildings 81 is a specific area 8. When the facility 6 is an office building as shown in FIG. 3, for example, corridors, elevator halls, entrance halls, rooms 83 and the like within the building 63 serve as the specific areas 8. A single room 83 may also be divided into a plurality of specific areas 8. In the example shown in FIG. 3, each of the plurality of rooms 83 is a specific area 8. A specific area 8 may be managed by the owner of the facility 6, or by a business operator (tenant) leasing it from the owner of the facility 6.
In the example shown in FIG. 2, the receiving systems 2 are each attached to a wall near the door 82 that serves as the entrance/exit of the corresponding building 81. In the example shown in FIG. 3, the receiving systems 2 are each attached to a wall near the door 84 that serves as the entrance/exit of the corresponding room 83. This is of course not intended to limit the position of the receiving system 2; the receiving system 2 need only be provided at a position where it can communicate with the mobile terminal 4 in the specific area 8.
In this embodiment, the one or more relay systems 3 are provided at respective ones of the one or more gates 7 of the facility 6. In the example shown in FIG. 2, a plurality of (here, four) gates 7 are provided at the entrance/exit of the site 62, with a partition 72 between adjacent gates 7. A relay system 3 is attached to each of the plurality of (here, three) partitions 72. That is, the relay systems 3 need not correspond one-to-one to the gates 7; a relay system 3 may correspond to a plurality of gates 7. In the example shown in FIG. 3, a door 73 is provided as the gate 7 at the entrance/exit of the building 63, and the relay system 3 is attached to a wall near the door 73. This is of course not intended to limit the position of the relay system 3; the relay system 3 need only be provided at a position where it can communicate with the mobile terminal 4 in the outer area 61.
The communication system 1 includes the first communication unit 11, the second communication unit 12, a processing unit 13, a first storage unit 101, and a second storage unit 102. In this embodiment, the communication system 1 is a server. The communication system 1 is mainly composed of a computer system (including a microcomputer) that includes, for example, a processor and a memory. That is, the computer system functions as the communication system 1 by executing an appropriate program on the processor.
The first communication unit 11 acquires request information from the mobile terminal 4 by communicating, via the relay system 3 and the network 5, with the mobile terminal 4 located in the outer area 61. The first communication unit 11 outputs the acquired request information to the processing unit 13. The request information includes the identification information (ID) of the mobile terminal 4 that sent the request information (that is, the identification information of the user A1).
When the first information is input from the processing unit 13, the first communication unit 11 outputs it to the mobile terminal 4 via the network 5 and the relay system 3. The first information is data encrypted using key information that corresponds to the second information. In this embodiment, when a common-key cryptosystem is adopted, for example, the first information is encrypted using the common key. When a public-key cryptosystem is adopted, for example, the first information is encrypted using the secret key. The first information includes the identification information of the mobile terminal 4 that sent the request information, an access authority, and an electronic signature.
In this embodiment, an expiration date, such as an output date and time, is set in the first information. For example, the processing unit 13 sets the expiration date when it creates the first information, as described later. Thus, once the expiration date of the first information has passed, for example, the first information becomes invalid. In this embodiment, once the expiration date has passed, authentication of the first information fails at the receiving system 2, so the user A1 cannot enter the specific area 8 even with access authority.
The first communication unit 11 also has an acquisition unit 111. The acquisition unit 111 is configured to acquire third information from the mobile terminal 4 by communicating, via the relay system 3 and the network 5, with the mobile terminal 4 located in the inner area 60. For example, the acquisition unit 111 acquires the third information by communicating with the mobile terminal 4 when the user A1 passes through the gate 7 and exits to the outer area 61. The acquisition unit 111 outputs the acquired third information to the processing unit 13. The third information is associated with each of the plurality of specific areas 8 in the inner area 60. The third information includes, for example, the date and time at which authentication with the mobile terminal 4 was performed and attributes of the specific area 8 (for example, the room number if the specific area 8 is a room 83). That is, the third information includes information about the specific area 8 that the user A1 entered.
In this embodiment, as described later, when the receiving system 2 provided in each of the plurality of specific areas 8 succeeds in authenticating the first information of the mobile terminal 4, it creates third information and outputs it to the mobile terminal 4. That is, there are a plurality of receiving systems 2, each provided in one of the plurality of specific areas 8. The third information is output from each of the plurality of receiving systems 2 to the mobile terminal 4. In other words, the mobile terminal 4 is configured to acquire the third information in one or more of the plurality of specific areas 8.
When the second information is input from the processing unit 13, the second communication unit 12 outputs it to the receiving system 2 by communicating, via the network 5, with the receiving system 2 located in the inner area 60. The second information is key information for decrypting the first information. In this embodiment, when a common-key cryptosystem is adopted, for example, the second information is the common key. In this case, the second information output to the receiving system 2 is the same as the common key held by the communication system 1. When a public-key cryptosystem is adopted, for example, the second information is the public key. In this case, the public key output to the receiving system 2 as the second information and the secret key held by the communication system 1 are different keys.
In this embodiment, the second information is updated, for example, every fixed period of time (for example, a morning, one day, or one week) and output from the communication system 1 to the plurality of receiving systems 2. The update of the second information is performed automatically, for example, by the processor of the communication system 1 executing a program stored in the memory. Of course, the update of the second information may also be performed manually, for example by an administrator of the communication system 1.
The connection between the first communication unit 11 and each of the one or more relay systems 3 may be, for example, a wired connection, a wireless connection, or a connection via a repeater or the like. Similarly, the connection between the second communication unit 12 and each of the plurality of receiving systems 2 may be, for example, a wired connection, a wireless connection, or a connection via a repeater or the like.
When request information from the mobile terminal 4 is input, the processing unit 13 authenticates the identification information included in the request information. Specifically, the processing unit 13 checks the identification information of the mobile terminal 4 that sent the request information against the list of identification information for the plurality of mobile terminals 4 stored in the first storage unit 101 (that is, the list of identification information for the plurality of users A1). If the identification information of the sending mobile terminal 4 is in the list, the processing unit 13 determines that authentication has succeeded and creates the first information by encrypting data that includes the identification information of the sending mobile terminal 4, the corresponding access authority, and an electronic signature. The processing unit 13 then transmits the first information from the first communication unit 11 to the sending mobile terminal 4. In other words, the processing unit 13 is configured to authenticate the identification information and, when authentication succeeds, to output the first information from the first communication unit 11 to the mobile terminal 4 that sent the request information. If, on the other hand, the identification information of the sending mobile terminal 4 is not in the list, the processing unit 13 determines that authentication has failed and, for example, transmits notification information to that effect from the first communication unit 11 to the sending mobile terminal 4.
The first storage unit 101 and the second storage unit 102 each include a rewritable nonvolatile memory such as an EEPROM (Electrically Erasable Programmable Read-Only Memory). The first storage unit 101 stores a database in which identification information for the plurality of mobile terminals 4 is associated with access authority. The second storage unit 102 stores a database of the second information for the plurality of receiving systems 2.
The receiving system 2 is provided in the inner area 60 and includes a communication unit 21 and an authentication unit 22. The communication unit 21 receives the second information from the communication system 1 by communicating with the second communication unit 12 of the communication system 1 via the network 5. The communication unit 21 outputs the received second information to the authentication unit 22. That is, of the inner area 60 and the outer area 61 of the facility 6, which are separated by the gate 7, the receiving system 2 is provided in the inner area 60, and it receives the second information from the communication system 1.
The communication unit 21 also acquires the first information from the mobile terminal 4 by communicating wirelessly with the mobile terminal 4 located in the inner area 60. The communication unit 21 outputs the acquired first information to the authentication unit 22. The wireless communication with the mobile terminal 4 uses short-range wireless communication such as Bluetooth (registered trademark) or NFC (Near Field Communication). The wireless communication method may also be, for example, Wi-Fi (registered trademark) or specified low-power radio communication.
As an example, when the receiving system 2 is a contactless card reader, the communication unit 21 of the receiving system 2 acquires the first information from the mobile terminal 4 by communicating wirelessly with it when the user A1 holds the mobile terminal 4 over the card reader.
The authentication unit 22 is mainly composed of a computer system (including a microcomputer) that includes, for example, a processor and a memory. That is, the computer system functions as the authentication unit 22 by executing an appropriate program on the processor. The authentication unit 22 stores the second information input from the communication unit 21. When the first information is input from the communication unit 21, the authentication unit 22 authenticates the first information. Specifically, the authentication unit 22 decrypts the first information using the second information it has stored in advance. The authentication unit 22 then checks whether the identification information, the access authority, and the electronic signature contained in the decrypted first information are valid. If the identification information, the access authority, and the electronic signature are all valid, the authentication unit 22 determines that authentication has succeeded and outputs a permission signal from the communication unit 21 to the opening/closing device 23. If, on the other hand, at least one of the identification information, the access authority, and the electronic signature is invalid, the authentication unit 22 determines that authentication has failed and, for example, transmits notification information to that effect from the communication unit 21 to the sending mobile terminal 4.
The opening/closing device 23 is a device that opens and closes the doors 82, 84 provided in the specific areas 8. The doors here may be either hinged doors or sliding doors. The opening/closing device 23 may open and close doors 82, 84 that are automatic doors, or it may make the doors openable by unlocking electric locks provided on the doors 82, 84. On receiving the permission signal from the receiving system 2, the opening/closing device 23 opens the door 82, 84. This allows the user A1 to enter the specific area 8. When the user A1 has entered the specific area 8, or when a fixed time has elapsed since the opening/closing device 23 opened the door 82, 84, the authentication unit 22 outputs a close signal from the communication unit 21 to the opening/closing device 23. On receiving the close signal from the receiving system 2, the opening/closing device 23 closes the door 82, 84. The opening/closing device 23 may be included in the receiving system 2 or may be separate from it. The opening/closing device 23 is not shown in FIGS. 2 and 3.
That is, in this embodiment, the receiving system 2 is an entry/exit management system that is provided in each of the plurality of specific areas 8 in the inner area 60 and manages entry of the user A1 to, and exit from, the corresponding specific area 8. The receiving system 2 is also a lock management system that is provided at each of the plurality of doors 82, 84 in the inner area 60 and manages locking and unlocking of the corresponding door 82, 84. The first information includes the access authority both as information on whether entry to and exit from the corresponding specific area 8 is permitted and as information on whether the corresponding door 82, 84 may be locked and unlocked.
The relay system 3 is provided at the gate 7 and acquires request information from the mobile terminal 4 by communicating wirelessly with the mobile terminal 4 located in the outer area 61. The relay system 3 then outputs the acquired request information to the communication system 1 by communicating with the communication system 1. That is, the relay system 3 is provided at the gate 7 that separates the inner area 60 and the outer area 61 of the facility 6, and it relays communication between the communication system 1 and the mobile terminal 4. As with the receiving system 2, the wireless communication with the mobile terminal 4 uses short-range wireless communication such as Bluetooth (registered trademark) or NFC. The wireless communication method may also be, for example, Wi-Fi (registered trademark) or specified low-power radio communication.
As an example, when the relay system 3 is a beacon terminal, the relay system 3 transmits a beacon continuously or intermittently toward, for example, a predetermined area around the gate 7. When the mobile terminal 4 enters the predetermined area and receives the beacon, it transmits request information to the relay system 3. In this case, the user A1 can output request information to the communication system 1 via the relay system 3 simply by entering the predetermined area at the gate 7. As another example, when the relay system 3 is a contactless card reader, the relay system 3 acquires the first information from the mobile terminal 4 by communicating wirelessly with it when the user A1 holds the mobile terminal 4 over the card reader. In this case, the user A1 can output request information to the communication system 1 via the relay system 3 by holding the mobile terminal 4 over the card reader installed at the gate 7.
When the first information from the communication system 1 is input, the relay system 3 outputs the first information to the mobile terminal 4 that sent the request information. Thus, in this embodiment, at least one of the request information and the first information is relayed between the communication system 1 and the mobile terminal 4 by the relay system 3 provided at the gate 7.
The mobile terminal 4 is a portable information terminal such as a smartphone. The mobile terminal 4 is mainly composed of a computer system (including a microcomputer) that has, for example, a processor and a memory. Once dedicated application software has been installed and launched, the mobile terminal 4 functions as a device for communicating with at least the receiving system 2 and the relay system 3 (or the communication system 1 when there is no relay system 3). That is, the mobile terminal 4 is configured to communicate with the receiving system 2 and the relay system 3 using the wireless communication methods described above.
Identification information is assigned to the mobile terminal 4. The identification information is unique to the mobile terminal 4 and serves to identify each individual mobile terminal 4. That is, the identification information also serves to identify the user A1 who owns the mobile terminal 4. The identification information is stored in a storage unit of the mobile terminal 4, such as a nonvolatile memory. When the mobile terminal 4 acquires the first information from the communication system 1, the acquired first information is stored in the storage unit. Likewise, when the mobile terminal 4 acquires the third information from the receiving system 2, the acquired third information is stored in the storage unit.
(3) Operation
An example of the operation of the communication system 1 and the integrated communication system 100 of this embodiment is described below with reference to FIG. 4. The description focuses on an arbitrary one of the plurality of receiving systems 2, an arbitrary one of the plurality of relay systems 3, and an arbitrary one of the plurality of mobile terminals 4. First, the second communication unit 12 of the communication system 1 outputs the second information to the receiving system 2, for example before the facility 6 opens (step S101). As a result, the receiving system 2 stores the second information in advance.
The facility 6 then opens, and the user A1 carrying the mobile terminal 4 arrives at the gate 7 (step S102). When the user A1 holds the mobile terminal 4 over the relay system 3, or the mobile terminal 4 receives a beacon from the relay system 3, for example, the mobile terminal 4 outputs request information addressed to the communication system 1 (step S103). The first communication unit 11 of the communication system 1 acquires the request information from the mobile terminal 4 via the relay system 3. The processing unit 13 of the communication system 1 then authenticates the identification information included in the request information of the mobile terminal 4 (step S104). If authentication succeeds, the processing unit 13 outputs the first information from the first communication unit 11 to the mobile terminal 4 (step S105). From then on, the mobile terminal 4 stores the first information acquired from the communication system 1.
After that, the user A1 passes through the gate 7, enters the inner area 60, and arrives at a specific area 8 for which the user A1 has access authority (step S106). When, for example, the user A1 holds the mobile terminal 4 over the reception system 2, the mobile terminal 4 outputs the first information to the reception system 2 (step S107). When the communication unit 21 of the reception system 2 acquires the first information, the authentication unit 22 authenticates the first information of the mobile terminal 4 using the second information (step S108). If the authentication succeeds, the authentication unit 22 outputs a permission signal to the opening/closing device 23 (step S109). The opening/closing device 23 then opens the doors 82 and 84, so that the user A1 can enter the specific area 8 for which the user A1 has access authority. In the present embodiment, the reception system 2 outputs the third information to the mobile terminal 4 after the authentication succeeds (step S110). Therefore, when the user A1 enters one or more specific areas 8, the mobile terminal 4 stores third information each time the user A1 enters one of those specific areas 8.
In the present embodiment, the third information is used to keep track of the behavior of the user A1. Specifically, as the user A1 visits one or more specific areas 8, the mobile terminal 4 acquires one or more pieces of third information, each corresponding to one of those specific areas 8. When the user A1 passes through the gate 7 and leaves the inner area 60 of the facility 6, the acquisition unit 111 of the communication system 1 communicates with the mobile terminal 4 via the relay system 3 and the network 5 and thereby acquires the one or more pieces of third information from the mobile terminal 4. Here, each piece of third information is information about one of the specific areas 8. Therefore, by referring to the one or more pieces of third information acquired from the mobile terminal 4, the administrator of the communication system 1 can learn the history of the specific areas 8 visited by the user A1, in other words, the behavior of the user A1. The one or more pieces of third information acquired by the communication system 1 may be stored in a database in association with the identification information of the mobile terminal 4 (that is, the identification information of the user A1).
Here, an expiration date may be set in the third information. The mobile terminal 4 may be configured to invalidate the first information once the expiration date of the stored third information has passed. In this case, if the user A1, after entering some specific area 8, heads for the next specific area 8 while taking a detour, the first information cannot be authenticated at the next specific area 8 and the user A1 can no longer enter it. That is, this has the advantage of encouraging the user A1 to head to the next specific area 8 without taking a detour. Note that the expiration date of the third information is preferably invalidated at the point when authentication at the next specific area 8 succeeds.
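The flow of steps S101 to S110, together with the third-information deadline described above, as an added example that is not code from the patent. Assumptions made here: the JSON payload layout, a single facility-wide key as the second information, an HMAC-SHA256 encrypt-then-MAC construction standing in for the cipher (the page names none), plaintext third information, and all class, function, terminal and area names.

```python
import hashlib
import hmac
import json
import os

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (stdlib stand-in; the page names no cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, payload):
    """Encrypt-then-MAC a JSON payload: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    plain = json.dumps(payload, sort_keys=True).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, keystream(key, nonce, len(plain))))
    tag = hmac.new(key, b"mac" + nonce + cipher, hashlib.sha256).digest()
    return nonce + cipher + tag

def unseal(key, blob):
    """Return the payload, or None if the blob does not verify under key."""
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plain = bytes(a ^ b for a, b in zip(cipher, keystream(key, nonce, len(cipher))))
    return json.loads(plain)

class CommunicationSystem:
    def __init__(self, registered, validity_s):
        self.registered = registered              # terminal id -> permitted areas
        self.validity_s = validity_s              # lifetime of first information
        self.second_information = os.urandom(32)  # key pushed to readers (S101)

    def handle_request(self, terminal_id, now):
        """S104-S105: authenticate the identifier, then issue first information."""
        areas = self.registered.get(terminal_id)
        if areas is None:
            return None
        payload = {"id": terminal_id, "areas": areas, "exp": now + self.validity_s}
        return seal(self.second_information, payload)

class ReceptionSystem:
    def __init__(self, area, second_information, third_ttl_s):
        self.area = area
        self.key = second_information             # stored before users arrive
        self.third_ttl_s = third_ttl_s

    def authenticate(self, first_information, now):
        """S108-S110: offline check; third information on success, else None."""
        payload = unseal(self.key, first_information)
        if payload is None or now > payload["exp"] or self.area not in payload["areas"]:
            return None
        return {"area": self.area, "exp": now + self.third_ttl_s}

class MobileTerminal:
    def __init__(self, terminal_id):
        self.terminal_id = terminal_id
        self.first_information = None
        self.third_information = []               # one entry per area entered

    def request_first_information(self, server, now):
        self.first_information = server.handle_request(self.terminal_id, now)
        return self.first_information is not None

    def present(self, reader, now):
        """S107: present first information unless third information lapsed."""
        if self.first_information is None:
            return False
        pending = self.third_information[-1] if self.third_information else None
        if pending and pending["exp"] is not None and now > pending["exp"]:
            self.first_information = None         # detour: invalidate first information
            return False
        third = reader.authenticate(self.first_information, now)
        if third is None:
            return False
        if pending:
            pending["exp"] = None                 # deadline cancelled at next area
        self.third_information.append(third)
        return True

def run_demo():
    # Constructed sample data: one registered terminal, three areas.
    server = CommunicationSystem({"terminal-A1": ["room-1", "room-2"]}, 8 * 3600)
    readers = {a: ReceptionSystem(a, server.second_information, 300)
               for a in ("room-1", "room-2", "room-3")}
    phone = MobileTerminal("terminal-A1")
    log = {"gate": phone.request_first_information(server, now=0)}
    log["room-1"] = phone.present(readers["room-1"], now=60)
    log["room-3 (no right)"] = phone.present(readers["room-3"], now=90)
    log["room-2 (in time)"] = phone.present(readers["room-2"], now=200)
    log["room-1 (after detour)"] = phone.present(readers["room-1"], now=1000)
    log["visited"] = [t["area"] for t in phone.third_information]
    return log
```

The reader never contacts the server during `authenticate`, which is the load reduction the page describes. Because the tag is verified before decryption, "can be decrypted" also implies "was issued by the holder of the key", a property a cipher without integrity protection would not provide.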
(4) Modifications
The above embodiment is merely one of various embodiments of the present disclosure. The above embodiment can be modified in various ways according to design and the like, as long as the object of the present disclosure can be achieved. Functions equivalent to those of the communication system 1 may also be embodied as a communication method, a computer program, a non-transitory recording medium on which the program is recorded, or the like.
A communication method according to one aspect includes a first step and a second step. The first step is a step of outputting first information, which is encrypted data, to the mobile terminal 4 based on request information from the mobile terminal 4 located in the outer area 61, of the inner area 60 and the outer area 61 of the facility 6 that are separated by the gate 7. The second step is a step of outputting second information, which is key information for decrypting the first information, to the reception system 2 located in the inner area 60. Here, the first step and the second step may be performed in either order. That is, the first step may be executed before the second step, or the second step may be executed before the first step.
A (computer) program according to one aspect is a program for causing a computer to realize a first function and a second function. The first function is a function of outputting first information, which is encrypted data, to the mobile terminal 4 based on request information from the mobile terminal 4 located in the outer area 61, of the inner area 60 and the outer area 61 of the facility 6 that are separated by the gate 7. The second function is a function of outputting second information, which is key information for decrypting the first information, to the reception system 2 located in the inner area 60.
Modifications of the embodiment are listed below. The modifications described below can be applied in combination as appropriate.
The entity that executes the communication system 1 or the communication method in the present disclosure includes a computer system. The computer system has a processor and a memory as its main hardware components. The functions of the entity that executes the communication system 1 or the communication method in the present disclosure are realized by the processor executing a program recorded in the memory of the computer system. The program may be recorded in advance in the memory of the computer system. The program may also be provided through a telecommunication line, or may be provided recorded on a non-transitory recording medium readable by the computer system, such as a memory card, an optical disc, or a hard disk drive. The processor of the computer system is composed of one or more electronic circuits including a semiconductor integrated circuit (IC) or a large-scale integrated circuit (LSI). The plurality of electronic circuits may be integrated on one chip or distributed over a plurality of chips. The plurality of chips may be integrated in one device or distributed over a plurality of devices.
In the present embodiment, the comprehensive communication system 100 includes the communication system 1, the reception system 2, and the relay system 3, but the reception system 2 and the relay system 3 are not essential components of the comprehensive communication system 100. That is, the comprehensive communication system 100 only needs to include the communication system 1, and at least one of the reception system 2 and the relay system 3 need not be included among the components of the comprehensive communication system 100. In other words, the comprehensive communication system 100 may include the communication system 1 and the reception system 2 without the relay system 3. The comprehensive communication system 100 may also include the communication system 1 and the relay system 3 without the reception system 2.
In the present embodiment, the communication system 1 is realized as one system, but it may be realized as two or more systems. For example, the functions of the first communication unit 11 and the second communication unit 12 may be distributed over two systems. Likewise, the functions of the first communication unit 11, the second communication unit 12, the processing unit 13, the first storage unit 101, and the second storage unit 102 may be distributed over two or more systems. The functions of the first communication unit 11, the second communication unit 12, the processing unit 13, the first storage unit 101, and the second storage unit 102 may also be provided in one device contained in one housing, or may be distributed over a plurality of devices. In addition, at least some of the functions of the communication system 1 may be realized by, for example, the cloud (cloud computing).
In the present embodiment, the first communication unit 11 of the communication system 1 is configured to acquire the request information from the mobile terminal 4 located in the outer area 61, but this is not a limitation. For example, the first communication unit 11 may acquire the request information from the mobile terminal 4 located at the gate 7 while the user A1 who owns the mobile terminal 4 is inside the gate 7.
In the present embodiment, the first communication unit 11 of the communication system 1 may output the third information when it outputs the first information to the mobile terminal 4 that sent the request information. That is, in this case, the gate 7 also serves as a specific area 8. In this case, if the user A1, after passing through the gate 7, heads for the next specific area 8 while taking a detour, the first information cannot be authenticated at the next specific area 8 and the user A1 can no longer enter it. That is, this has the advantage of encouraging the user A1 to head to the specific area 8 without taking a detour.
In the present embodiment, the reception system 2 authenticates the first information using the second information, so the second communication unit 12 of the communication system 1 preferably outputs the second information before the user A1 passes through the gate 7, so that the reception system 2 stores the second information in advance. For example, when the facility 6 is a facility to which the user A1 (an employee) belongs, such as a factory, an office building, or a theme park, the second communication unit 12 preferably outputs the second information before the facility 6 starts work for the day. Alternatively, even after the user A1 has passed through the gate 7, it is sufficient for the second communication unit 12 to have output the second information to the reception system 2 corresponding to a specific area 8 before the user A1 reaches that specific area 8.
In the present embodiment, the authentication unit 22 of the reception system 2 authenticates the first information by checking whether the identification information of the mobile terminal 4, the access authority, and the electronic signature contained in the decrypted first information are valid, but this is not a limitation. For example, the authentication unit 22 may authenticate the first information according to at least whether the first information can be decrypted using the second information. In this case, the authentication unit 22 determines that the authentication has succeeded if the first information can be decrypted, and determines that the authentication has failed if the first information cannot be decrypted.
In the present embodiment, the reception system 2 creates the third information and outputs it to the mobile terminal 4, but this is not a limitation. For example, the reception system 2 may be configured to output a signal requesting the third information to the communication system 1 when the first information is successfully authenticated. In this case, when the communication system 1 receives the signal from the reception system 2, it creates the third information corresponding to that reception system 2 (in other words, to the specific area 8) and outputs the created third information to the reception system 2. When the reception system 2 acquires the third information from the communication system 1, it may output the acquired third information to the mobile terminal 4 that sent the first information.
In the present embodiment, the reception system 2 is both a lock management system and an entry/exit management system, but this is not a limitation. For example, the reception system 2 may consist of a lock management system only, or of an entry/exit management system only.
In the present embodiment, the relay system 3 may be configured to manage entry into and exit from the inner area 60 through the gate 7 based on the request information from the mobile terminal 4. For example, when the relay system 3 receives the request information from the mobile terminal 4 and relays the first information to the mobile terminal 4, it determines that the user A1 who owns the mobile terminal 4 is entering the inner area 60 through the gate 7, and stores the determination result. In this way, the relay system 3 can manage the users A1 who have entered the inner area 60 through the gate 7.
In the present embodiment, the mobile terminal 4 communicates with the communication system 1 via the relay system 3 and the network 5, but this is not a limitation. For example, the mobile terminal 4 may be configured to communicate with the communication system 1 via the network 5 without going through the relay system 3. In this case, the user A1 can also acquire the first information before arriving at the gate 7 (for example, while on the train used for commuting) by using the mobile terminal 4 to communicate with the communication system 1 via the network 5. In this case, the mobile terminal 4 is connected to the network 5 via, for example, a mobile phone network (carrier network) provided by a telecommunications carrier. Mobile phone networks include, for example, 3G (third generation) lines and LTE (Long Term Evolution) lines. The mobile terminal 4 may also be connected to the network 5 via, for example, a public wireless LAN (Local Area Network).
In the present embodiment, the mobile terminal 4 is a smartphone, but this is not a limitation. The mobile terminal 4 may be, for example, a tablet terminal or a personal computer. The mobile terminal 4 may also be configured to be worn directly by the user A1 or attached to a belonging of the user A1 such as a bag, as with a key-holder-type, employee-ID-card-type, name-tag-type, glasses-type, or watch-type wearable terminal.
(Summary)
As described above, the communication system (1) according to the first aspect includes a first communication unit (11) and a second communication unit (12). The first communication unit (11) outputs first information, which is encrypted data, to the mobile terminal (4) based on request information from the mobile terminal (4) located in the outer area (61), of the inner area (60) and the outer area (61) of the facility (6) that are separated by the gate (7). The second communication unit (12) outputs second information, which is key information for decrypting the first information, to the reception system (2) that can communicate with the mobile terminal (4) located in the inner area (60).
According to this aspect, the communication system (1) outputs the first information to the mobile terminal (4) and outputs the second information to the reception system (2). The reception system (2) therefore already stores the second information when it decrypts the first information, so it can decrypt the first information from the mobile terminal (4) without communicating with the communication system (1). Consequently, even when there are many users (A1) who own mobile terminals (4), a sudden surge in communication traffic caused by multiple reception systems (2) requesting the second information from the communication system (1) all at once does not occur. That is, this aspect has the advantage that the load of communication between the communication system (1) and the reception system (2) can be reduced compared with the case where the reception system (2) also communicates with the communication system (1) whenever it communicates with the mobile terminal (4).
In the communication system (1) according to the second aspect, in the first aspect, at least one of the request information and the first information is relayed by the relay system (3) provided at the gate (7).
According to this aspect, even a mobile terminal (4) that cannot communicate directly with the communication system (1) can communicate with the communication system (1) via the relay system (3). This aspect therefore has the advantage of increasing the freedom in the choice of communication method for the mobile terminal (4).
The communication system (1) according to the third aspect further includes, in the first or second aspect, a processing unit (13). The request information includes identification information of the mobile terminal (4) that sent the request information. The processing unit (13) is configured to authenticate the identification information and, if the authentication succeeds, to output the first information from the first communication unit (11) to the mobile terminal (4) that sent the request information.
According to this aspect, the first information is output only after confirming whether the mobile terminal (4) that sent the request information can be trusted, which has the advantage of preventing the first information from being output to an unrelated third party such as a suspicious person.
In the communication system (1) according to the fourth aspect, in any one of the first to third aspects, an expiration date is set in the first information.
This aspect has the advantage of preventing a third party such as a suspicious person from entering a specific area (8) for which that party has no access authority by using first information obtained in some way in the past.
In the communication system (1) according to the fifth aspect, in any one of the first to fourth aspects, third information is associated with each of the plurality of specific areas (8) in the inner area (60). The mobile terminal (4) is configured to acquire the third information at one or more specific areas (8) among the plurality of specific areas (8).
This aspect has the advantage that, for example by setting an expiration date in the third information, a user (A1) who has acquired the third information at some specific area (8) can be encouraged to head to the next specific area (8) without taking a detour.
The communication system (1) according to the sixth aspect further includes, in the fifth aspect, an acquisition unit (111) that acquires the third information from the mobile terminal (4) located in the inner area (60).
This aspect has the advantage that, by referring to the one or more pieces of third information acquired from the mobile terminal (4), it becomes possible to learn the history of the one or more specific areas (8) visited by the user (A1), in other words, the behavior of the user (A1).
In the communication system (1) according to the seventh aspect, in the fifth or sixth aspect, there are a plurality of reception systems (2), each provided in one of the plurality of specific areas (8). The third information is output to the mobile terminal (4) from each of the plurality of reception systems (2).
According to this aspect, each of the plurality of reception systems (2) can output the third information to the mobile terminal (4) without communicating with the communication system (1). This aspect therefore has the advantage that the load of communication between the communication system (1) and the reception system (2) is unlikely to increase when the third information is output to the mobile terminal (4).
In the communication system (1) according to the eighth aspect, in any one of the first to seventh aspects, the reception system (2) is provided in each of the plurality of specific areas (8) in the inner area (60) and is configured to manage entry into and exit from the corresponding specific area (8). The first information includes information on whether entry into and exit from the corresponding specific area (8) are permitted.
This aspect has the advantage that it becomes possible to manage the users (A1) who have entered each of the plurality of specific areas (8) or have exited from each of the plurality of specific areas (8).
In the communication system (1) according to the ninth aspect, in any one of the first to seventh aspects, the reception system (2) is a lock management system that is provided at each of the plurality of doors (82, 84) in the inner area (60) and manages the locking and unlocking of the corresponding door (82, 84). The first information includes information on whether locking and unlocking of the corresponding door (82, 84) are permitted.
This aspect has the advantage that it becomes possible to manage the users (A1) who have locked or unlocked the doors (82, 84).
In the communication system (1) according to the tenth aspect, in the second aspect, the relay system (3) is configured to manage entry into and exit from the inner area (60) through the gate (7) based on the request information.
This aspect has the advantage that it becomes possible to manage the users (A1) who have entered the inner area (60) through the gate (7) or have exited from the inner area (60).
The comprehensive communication system (100) according to the eleventh aspect includes the communication system (1) according to any one of the first to tenth aspects and a relay system (3). The relay system (3) is provided at the gate (7) and relays communication between the mobile terminal (4) and the first communication unit (11).
This aspect has the advantage that the load of communication between the communication system (1) and the reception system (2) can be reduced compared with the case where the reception system (2) also communicates with the communication system (1) whenever it communicates with the mobile terminal (4).
The comprehensive communication system (100) according to the twelfth aspect includes the communication system (1) according to any one of the first to tenth aspects and a plurality of reception systems (2). Each of the plurality of reception systems (2) is provided in the inner area (60) and acquires the second information from the second communication unit (12).
This aspect has the advantage that the load of communication between the communication system (1) and the reception system (2) can be reduced compared with the case where the reception system (2) also communicates with the communication system (1) whenever it communicates with the mobile terminal (4).
The relay system (3) according to the thirteenth aspect is provided at the gate (7) that separates the inner area (60) and the outer area (61) of the facility (6), and relays communication between the communication system (1) and the mobile terminal (4). The communication system (1) includes a first communication unit (11) and a second communication unit (12). The first communication unit (11) outputs first information, which is encrypted data, to the mobile terminal (4) based on request information from the mobile terminal (4) located in the outer area (61). The second communication unit (12) outputs second information, which is key information for decrypting the first information, to the reception system (2) located in the inner area (60).
This aspect has the advantage that the load of communication between the communication system (1) and the reception system (2) can be reduced compared with the case where the reception system (2) also communicates with the communication system (1) whenever it communicates with the mobile terminal (4).
 第14の態様に係る受信システム(2)は、ゲート(7)により隔てられる施設(6)の内側領域(60)と外側領域(61)のうち内側領域(60)に設けられており、通信システム(1)から第2情報を受信する。通信システム(1)は、第1通信部(11)、及び第2通信部(12)、を備える。第1通信部(11)は、外側領域(61)にある携帯端末(4)からの要求情報に基づいて、携帯端末(4)に対して暗号化されたデータである第1情報を出力する。第2通信部(12)は、内側領域(60)にある受信システム(2)に対して、第1情報を復号するための鍵情報である第2情報を出力する。 The reception system (2) according to the fourteenth aspect is provided in the inner region (60) of the inner region (60) and the outer region (61) of the facility (6) separated by the gate (7), and is used for communication. The second information is received from the system (1). The communication system (1) includes a first communication unit (11) and a second communication unit (12). A 1st communication part (11) outputs the 1st information which is the data encrypted with respect to the portable terminal (4) based on the request information from the portable terminal (4) in an outer area | region (61). . The second communication unit (12) outputs second information, which is key information for decrypting the first information, to the receiving system (2) in the inner area (60).
 この態様によれば、受信システム(2)が携帯端末(4)と通信する際に通信システム(1)とも通信する場合と比較して、通信システム(1)の受信システム(2)との通信の負荷を低減することができる、という利点がある。 According to this aspect, the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4). There is an advantage that the load can be reduced.
 第15の態様に係る通信方法は、第1ステップと、第2ステップと、を有する。第1ステップは、ゲート(7)により隔てられる施設(6)の内側領域(60)と外側領域(61)のうち外側領域(61)にある携帯端末(4)からの要求情報に基づいて、携帯端末(4)に対して暗号化されたデータである第1情報を出力するステップである。第2ステップは、内側領域(60)にある受信システム(2)に対して、第1情報を復号するための鍵情報である第2情報を出力するステップである。 The communication method according to the fifteenth aspect includes a first step and a second step. The first step is based on request information from the mobile terminal (4) in the outer area (61) of the inner area (60) and outer area (61) of the facility (6) separated by the gate (7). It is a step of outputting first information which is encrypted data to the portable terminal (4). The second step is a step of outputting second information that is key information for decrypting the first information to the receiving system (2) in the inner area (60).
 この態様によれば、受信システム(2)が携帯端末(4)と通信する際に通信システム(1)とも通信する場合と比較して、通信システム(1)の受信システム(2)との通信の負荷を低減することができる、という利点がある。 According to this aspect, the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4). There is an advantage that the load can be reduced.
 第16の態様に係るプログラムは、コンピュータに、第1機能と、第2機能と、を実現させるためのプログラムである。第1機能は、ゲート(7)により隔てられる施設(6)の内側領域(60)と外側領域(61)のうち外側領域(61)にある携帯端末(4)からの要求情報に基づいて、携帯端末(4)に対して暗号化されたデータである第1情報を出力する機能である。第2機能は、内側領域(60)にある受信システム(2)に対して、第1情報を復号するための鍵情報である第2情報を出力する機能である。 The program according to the sixteenth aspect is a program for causing a computer to realize the first function and the second function. The first function is based on request information from the portable terminal (4) in the outer area (61) of the inner area (60) and the outer area (61) of the facility (6) separated by the gate (7). This is a function for outputting first information that is encrypted data to the portable terminal (4). The second function is a function of outputting second information, which is key information for decrypting the first information, to the receiving system (2) in the inner area (60).
 この態様によれば、受信システム(2)が携帯端末(4)と通信する際に通信システム(1)とも通信する場合と比較して、通信システム(1)の受信システム(2)との通信の負荷を低減することができる、という利点がある。 According to this aspect, the communication with the reception system (2) of the communication system (1) is compared with the communication system (1) when the reception system (2) communicates with the mobile terminal (4). There is an advantage that the load can be reduced.
 第2~第10の態様に係る構成については、通信システム(1)に必須の構成ではなく、適宜省略可能である。 The configurations according to the second to tenth aspects are not essential to the communication system (1) and can be omitted as appropriate.
 上記態様に限らず、実施形態に係る通信システム1の種々の構成(変形例を含む)は、通信方法、及び(コンピュータ)プログラムで適宜、具現化可能である。 Not limited to the above aspect, various configurations (including modifications) of the communication system 1 according to the embodiment can be appropriately realized by a communication method and a (computer) program.
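The two-step exchange of the fifteenth and sixteenth aspects, sketched as an added Python example that is not part of the patent text: the communication system issues the encrypted first information to a terminal, hands the second information to the receivers, and each receiver then decides on its own. The class and function names, the JSON grant layout, the `TTL` value, the door labels, the use of one symmetric key as the second information, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a vetted AEAD such as AES-GCM) are all assumptions of this sketch.

```python
import hashlib, hmac, json, secrets

TTL = 3600  # assumed validity period in seconds; the page only says an expiration is set

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (assumed stand-in for a vetted AEAD)
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(key, blob):
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        return None  # wrong key or modified first information
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class CommunicationSystem:
    def __init__(self, permissions):
        self.permissions = permissions      # terminal id -> doors it may open
        self.key = secrets.token_bytes(32)  # second information (key information)

    def first_information(self, request, now):
        """First communication unit: answer a request from the outer area."""
        doors = self.permissions.get(request.get("terminal_id"))
        if doors is None:
            return None                     # identification not authenticated
        grant = {"terminal_id": request["terminal_id"], "doors": doors,
                 "expires": now + TTL}
        return seal(self.key, json.dumps(grant).encode())

    def second_information(self):
        """Second communication unit: key information for inner-area receivers."""
        return self.key

class ReceptionSystem:
    def __init__(self, door, key):
        self.door, self.key = door, key

    def admit(self, blob, now):
        """Decide locally, without contacting the communication system."""
        plaintext = unseal(self.key, blob)
        if plaintext is None:
            return False
        grant = json.loads(plaintext)
        return now < grant["expires"] and self.door in grant["doors"]
```

In this sketch every receiver holds the same symmetric key, so a receiver that can verify first information could also create it; the page does not say how the key information is scoped per receiver.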
DESCRIPTION OF SYMBOLS
1 Communication system
11 First communication unit
111 Acquisition unit
12 Second communication unit
13 Processing unit
2 Reception system
3 Relay system
4 Mobile terminal
6 Facility
60 Inner area
61 Outer area
7 Gate
8 Specific area
82, 84 Door
100 Integrated communication system

Claims (16)

  1.  A communication system comprising:
     a first communication unit that outputs first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal located in an outer area, out of an inner area and the outer area of a facility separated by a gate; and
     a second communication unit that outputs second information, which is key information for decrypting the first information, to a reception system capable of communicating with the mobile terminal in the inner area.
  2.  The communication system according to claim 1, wherein at least one of the request information and the first information is relayed by a relay system provided at the gate.
  3.  The communication system according to claim 1 or 2, further comprising a processing unit, wherein
     the request information includes identification information of the mobile terminal that is the transmission source of the request information, and
     the processing unit is configured to execute authentication of the identification information and, when the authentication succeeds, to cause the first communication unit to output the first information to the mobile terminal that is the transmission source of the request information.
  4.  The communication system according to any one of claims 1 to 3, wherein an expiration date is set for the first information.
  5.  The communication system according to any one of claims 1 to 4, wherein
     third information is associated with each of a plurality of specific areas in the inner area, and
     the mobile terminal is configured to acquire the third information in one or more of the plurality of specific areas.
  6.  The communication system according to claim 5, further comprising an acquisition unit that acquires the third information from the mobile terminal located in the inner area.
  7.  The communication system according to claim 5 or 6, wherein
     the reception system is one of a plurality of reception systems, each provided in a respective one of the plurality of specific areas, and
     the third information is output from each of the plurality of reception systems to the mobile terminal.
  8.  The communication system according to any one of claims 1 to 7, wherein
     the reception system is provided in each of a plurality of specific areas in the inner area and is configured to manage entry into and exit from the corresponding specific area, and
     the first information includes information on whether entry into and exit from the corresponding specific area is permitted.
  9.  The communication system according to any one of claims 1 to 7, wherein
     the reception system is a lock management system that is provided at each of a plurality of doors in the inner area and manages locking and unlocking of the corresponding door, and
     the first information includes information on whether locking and unlocking of the corresponding door is permitted.
  10.  The communication system according to claim 2, wherein the relay system is configured to manage entry into and exit from the inner area through the gate based on the request information.
  11.  An integrated communication system comprising:
     the communication system according to any one of claims 1 to 10; and
     a relay system that is provided at the gate and relays communication between the mobile terminal and the first communication unit.
  12.  An integrated communication system comprising:
     the communication system according to any one of claims 1 to 10; and
     a plurality of reception systems that are provided in the inner area and acquire the second information from the second communication unit.
  13.  A relay system that is provided at a gate separating an inner area and an outer area of a facility, and that relays communication between a mobile terminal and a communication system, the communication system including:
     a first communication unit that outputs first information, which is encrypted data, to the mobile terminal based on request information from the mobile terminal located in the outer area; and
     a second communication unit that outputs second information, which is key information for decrypting the first information, to a reception system located in the inner area.
  14.  A reception system that is provided in an inner area, out of the inner area and an outer area of a facility separated by a gate, and that receives second information from a communication system, the communication system including:
     a first communication unit that outputs first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal located in the outer area; and
     a second communication unit that outputs the second information, which is key information for decrypting the first information, to the reception system located in the inner area.
  15.  A communication method comprising:
     a first step of outputting first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal located in an outer area, out of an inner area and the outer area of a facility separated by a gate; and
     a second step of outputting second information, which is key information for decrypting the first information, to a reception system located in the inner area.
  16.  A program for causing a computer to realize:
     a first function of outputting first information, which is encrypted data, to a mobile terminal based on request information from the mobile terminal located in an outer area, out of an inner area and the outer area of a facility separated by a gate; and
     a second function of outputting second information, which is key information for decrypting the first information, to a reception system located in the inner area.
PCT/JP2018/014845 2017-04-21 2018-04-09 Communication system, comprehensive communication system, relay system, reception system, communication method, and program WO2018193887A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2017-084885 2017-04-21
JP2017084885A JP6868819B2 (en) 2017-04-21 2017-04-21 Communication systems, integrated communication systems, relay systems, receiving systems, communication methods, and programs

Publications (1)

Publication Number Publication Date
WO2018193887A1 true WO2018193887A1 (en) 2018-10-25

Family

ID=63856664

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/014845 WO2018193887A1 (en) 2017-04-21 2018-04-09 Communication system, comprehensive communication system, relay system, reception system, communication method, and program

Country Status (2)

Country Link
JP (1) JP6868819B2 (en)
WO (1) WO2018193887A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004120257A (en) * 2002-09-25 2004-04-15 Hakko Automation Kk Lock management system and lock management method
JP2007034974A (en) * 2005-07-29 2007-02-08 Mitsubishi Electric Building Techno Service Co Ltd Security system
JP2008059576A (en) * 2006-08-02 2008-03-13 Dainippon Printing Co Ltd History information collecting system, method, equipment, device, and program
JP2015103917A (en) * 2013-11-22 2015-06-04 キヤノン株式会社 Server related to authentication and setting when scanning, image processing apparatus, service method, and image processing method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4268690B2 (en) * 1997-03-26 2009-05-27 ソニー株式会社 Authentication system and method, and authentication method
JP4340730B2 (en) * 2003-11-18 2009-10-07 日本電気株式会社 Service providing method and system in specific area
JP2006163763A (en) * 2004-12-07 2006-06-22 Nec Corp Event-holding method and system
JP2010226336A (en) * 2009-03-23 2010-10-07 Denso It Laboratory Inc Authentication method and authentication apparatus
JP5544803B2 (en) * 2009-09-25 2014-07-09 富士ゼロックス株式会社 Authentication system, authentication processing device, integrated authentication system, and program

Also Published As

Publication number Publication date
JP6868819B2 (en) 2021-05-12
JP2018182706A (en) 2018-11-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18788314

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18788314

Country of ref document: EP

Kind code of ref document: A1