WO2019244289A1 - Electronic lock system, electronic lock management method, and electronic lock management program - Google Patents


Info

Publication number
WO2019244289A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
unit
electronic lock
unlocking
verification
Application number
PCT/JP2018/023529
Other languages
French (fr)
Japanese (ja)
Inventor
大樹 小林
朋興 浮穴
直也 福岡
Original Assignee
三菱電機株式会社
Application filed by 三菱電機株式会社
Priority to PCT/JP2018/023529
Priority to JP2020525158A (JP6779416B2)
Publication of WO2019244289A1

Classifications

    • E FIXED CONSTRUCTIONS
    • E05 LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05B LOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00 Electric permutation locks; Circuits therefor; Mechanical aspects of electronic locks; Mechanical keys therefor

Definitions

  • the present invention relates to an electronic lock system, an electronic lock management method, and an electronic lock management program.
  • Patent Document 1 describes opening / closing control of an electronic lock in a plurality of article receiving boxes equipped with an electric lock.
  • a plurality of article receiving boxes are connected to a control unit, and the control unit is connected to a center server via a network. Then, the processing for unlocking is performed between the center server and the control unit.
  • Patent Document 1 discloses a configuration in which the center server and the control unit communicate with each other whenever unlocking is decided. If the technology of Patent Document 1 were applied to security management of the many doors in a large building, each door lock device would communicate with the center server individually. In a building where many users pass through the doors, the communication volume therefore increases. Also, the number of connection points to external networks that must be managed from an information security viewpoint increases in proportion to the number of doors.
  • the object of the present invention is to provide an electronic lock system that safely determines whether or not to open an electronic lock without increasing the amount of communication.
  • the electronic lock system according to the present invention comprises: an opening / closing system having equipment provided with an electronic lock; a terminal device that communicates with the opening / closing system by short-range wireless communication; and a server device that communicates with each of the opening / closing system and the terminal device via a communication network.
  • the server device includes a secret information storage unit that stores, as secret information, a secret key and a certificate of the public key corresponding to the secret key; a generation unit that acquires user authority information, in which a user identifier identifying a user who uses the facility is associated with a facility identifier identifying a facility the user is permitted to unlock, and generates, using the user authority information and the secret key, authenticated information for authenticating the validity of the user's unlocking authority; and
  • a server communication unit that transmits the certificate to the opening / closing system as verification information and transmits the authenticated information to the terminal device,
  • the opening / closing system includes: a verification unit that, upon receiving the authenticated information from the terminal device by short-range wireless communication, verifies the validity of the unlocking authority using the authenticated information and the verification information; and an unlocking unit that unlocks the electronic lock when the verification unit has verified the validity of the unlocking authority.
  • in the electronic lock system according to the present invention, the server device generates authenticated information for authenticating the validity of the user's unlocking authority using the user authority information and the secret key. Further, the server device transmits a certificate of the public key corresponding to the secret key to the opening / closing system as verification information.
  • when the opening / closing system acquires the authenticated information from the user by short-range wireless communication, it verifies the validity of the user's unlocking authority using the authenticated information and the verification information. Therefore, according to the electronic lock system of the present invention, it is possible to safely determine whether to open the electronic lock without increasing the amount of communication with the server device.
  • FIG. 2 is a functional configuration diagram of the electronic lock system according to the first embodiment.
  • FIG. 2 is a hardware configuration diagram of a server device according to the first embodiment.
  • FIG. 2 is a hardware configuration diagram of the terminal device according to the first embodiment.
  • FIG. 2 is a hardware configuration diagram of a management device according to the first embodiment.
  • FIG. 2 is a hardware configuration diagram of the key opening / closing device according to the first embodiment.
  • FIG. 4 is an operation flowchart of a secret information storage process according to the first embodiment.
  • FIG. 4 is a diagram showing an example of secret information according to the first embodiment.
  • FIG. 4 is an operation flowchart of a verification information delivery process according to the first embodiment.
  • FIG. 4 is a diagram showing an example of user authority information according to the first embodiment.
  • FIG. 5 is an operation flowchart of an authentication information generation process according to the first embodiment.
  • FIG. 4 is a diagram showing an example of unlocking authority data and authenticated information according to the first embodiment.
  • FIG. 5 is an operation flowchart of the authenticated information delivery process according to the first embodiment.
  • FIG. 5 is an operation flowchart of the unlocking process according to the first embodiment.
  • 9 shows a configuration example of an electronic lock system according to Embodiment 2.
  • FIG. 13 is an operation flowchart of a verification information delivery process according to the second embodiment.
  • FIG. 10 is an operation flowchart of an unlocking process according to the second embodiment.
  • FIG. 9 is a functional configuration diagram of an electronic lock system according to a third embodiment.
  • FIG. 13 is an operation flowchart of the authenticated information delivery processing according to the third embodiment.
  • FIG. 14 is an operation flowchart of an unlocking process according to the third embodiment.
  • FIG. 13 is a functional configuration diagram of an electronic lock system according to a fourth embodiment.
  • FIG. 14 is an operation flowchart of an unlocking process according to the fourth embodiment.
  • FIG. 14 is a diagram showing an example of an unlock log according to the fourth embodiment.
  • FIG. 15 is a functional configuration diagram of an electronic lock system according to a fifth embodiment.
  • FIG. 21 is an operation flowchart of an authentication information generation process according to the fifth embodiment.
  • 15 shows a configuration example of an unlocking authority storage unit according to the fifth embodiment.
  • FIG. 17 is a diagram showing an example of revocation information according to the fifth embodiment.
  • 15 shows a configuration example of a revocation information storage unit according to the fifth embodiment.
  • FIG. 17 is an operation flowchart of a secret information storage process according to the fifth embodiment.
  • FIG. 17 is an operation flowchart of a revocation information storage process according to the fifth embodiment.
  • FIG. 17 is an operation flowchart of an unlocking process according to the fifth embodiment.
  • FIG. 13 is a functional configuration diagram of an electronic lock system according to a sixth embodiment.
  • FIG. 21 is an operation flowchart of an authentication information generation process according to the sixth embodiment.
  • FIG. 17 is a diagram showing a configuration of a revocation information storage unit according to the sixth embodiment.
  • FIG. 21 is an operation flowchart of a revocation information storage process according to the sixth embodiment.
  • FIG. 19 is an operation flowchart of a revocation information transfer process according to the sixth embodiment.
  • FIG. 21 is an operation flowchart of a revocation information storage process according to the sixth embodiment.
  • 15 shows a configuration example of user right information according to the seventh embodiment.
  • 17 shows a configuration example of unlocking authority data according to the seventh embodiment.
  • FIG. 21 is an operation flowchart of an authentication information generation process according to the seventh embodiment.
  • FIG. 21 is an operation flowchart of an authenticated information delivery process according to the seventh embodiment.
  • FIG. 15 is a functional configuration diagram of an electronic lock system according to an eighth embodiment.
  • FIG. 17 is a diagram showing a configuration of a management terminal storage unit according to the eighth embodiment.
  • FIG. 17 is a diagram showing a configuration of a management device storage unit according to the eighth embodiment.
  • FIG. 28 is an operation flowchart of a secret information storage process according to the eighth embodiment.
  • FIG. 21 is an operation flowchart of a verification information temporary storage process according to the eighth embodiment.
  • FIG. 19 is an operation flow diagram of a verification information transfer process according to the eighth embodiment.
  • FIG. 1 is a functional configuration diagram of an electronic lock system 500 according to the present embodiment.
  • FIG. 2 is a hardware configuration diagram of server device 100 according to the present embodiment.
  • FIG. 3 is a hardware configuration diagram of terminal device 200 according to the present embodiment.
  • FIG. 4 is a hardware configuration diagram of the management device 300 according to the present embodiment.
  • FIG. 5 is a hardware configuration diagram of the key opening / closing device 400 according to the present embodiment.
  • the electronic lock system 500 includes a server device 100, a terminal device 200, and an opening / closing system 600.
  • the opening / closing system 600 includes a management device 300 and a key opening / closing device 400. That is, the electronic lock system 500 includes the server device 100, the terminal device 200, the management device 300, and the key opening / closing device 400.
  • the opening / closing system 600 has a facility 401 provided with an electronic lock 402.
  • the equipment 401 is, specifically, a door. That is, the electronic lock system 500 controls the opening and closing of an electronic lock provided on a door in a building.
  • the terminal device 200 communicates with the opening / closing system 600 by short-range wireless communication.
  • the server device 100 communicates with each of the opening / closing system 600 and the terminal device 200 via the communication network 610.
  • the server device 100, the terminal device 200, and the management device 300 communicate via the communication network 610.
  • the communication network 610 is a public network such as the Internet, and is also called an external network.
  • the management device 300 and the key opening / closing device 400 communicate via an equipment network 620 provided in the building.
  • the equipment network 620 is an internal network, such as a LAN (Local Area Network) or Wi-Fi (registered trademark), provided in the building.
  • the terminal device 200 and the key opening / closing device 400 communicate via the short-range wireless network 630.
  • the short-range wireless network 630 is, for example, Bluetooth (registered trademark).
  • the server device 100 is a server-type computer.
  • the terminal device 200 is a portable terminal carried by a user who uses a building.
  • the terminal device 200 is, for example, a smartphone, a tablet, or another portable terminal.
  • the management device 300 is a server-type computer.
  • the management device 300 communicates with the server device 100 via the communication network 610.
  • the management device 300 manages the key opening / closing devices 400 in a building.
  • the key opening / closing device 400 communicates with the management device 300 and controls opening / closing of the electronic lock 402.
  • the key opening / closing device 400 is installed in a facility 401 such as a door in a building, and controls opening / closing of an electronic lock 402 of the door.
  • Each of the server device 100, the terminal device 200, the management device 300, and the key opening / closing device 400 is a computer.
  • each device of the server device 100, the terminal device 200, the management device 300, and the key opening / closing device 400 may be referred to as each device of the electronic lock system 500.
  • the server device 100 includes a processor 910 and other hardware such as a memory 921, a storage 922, and a communication interface 950.
  • the terminal device 200 includes a processor 910 and other hardware such as a memory 921, a storage 922, an input interface 930, an output interface 940, a communication interface 950, and a short-range wireless interface 951.
  • the management device 300 includes a processor 910 and other hardware such as a memory 921, a storage 922, and a communication interface 950.
  • the key opening / closing device 400 includes a processor 910 and other hardware such as a memory 921, a storage 922, a communication interface 950, a short-range wireless interface 951, and a door opening / closing signal interface 952.
  • the same reference numerals are given to the same hardware for each device of the electronic lock system 500, but in reality, each device is individually provided with hardware.
  • the processor 910 is connected to other hardware via a signal line, and controls these other hardware.
  • the server device 100 includes a server communication unit 110, an unlocking authority generation unit 120, an authentication information generation unit 130, a secret information storage unit 140, and an input unit 150 as functional elements.
  • the terminal device 200 includes a terminal communication unit 210, an authenticated information storage unit 220, and a short-range communication unit 230 as functional elements.
  • the management device 300 includes a management communication unit 310 as a functional element.
  • the key opening / closing device 400 includes a device communication unit 410, a verification information storage unit 420, a short-range communication unit 430, a verification unit 440, and an unlocking unit 450 as functional elements.
  • the server communication unit 110 is provided in the communication interface 950.
  • the secret information storage unit 140 is provided in the memory 921 or the storage 922.
  • the input unit 150 is provided in the input interface 930.
  • a program that realizes the function of the server device 100 is called a server program.
  • the terminal communication unit 210 is provided in the communication interface 950.
  • the authenticated information storage unit 220 is provided in the memory 921 or the storage 922.
  • the short-range communication unit 230 is provided in the short-range wireless interface 951.
  • a program that realizes the functions of the terminal device 200 is called a terminal program.
  • the management communication unit 310 is provided in the communication interface 950.
  • a program that implements the functions of the management device 300 is called a management program.
  • the device communication unit 410 is provided in the communication interface 950.
  • the functions of the verification unit 440 and the unlocking unit 450 are realized by software.
  • the verification information storage unit 420 is provided in the memory 921 or the storage 922.
  • the short-range communication unit 430 is provided in the short-range wireless interface 951.
  • a program that realizes the function of the key opening / closing device 400 is called a key opening / closing program.
  • the server program, the terminal program, the management program, and the key opening / closing program may be referred to as an electronic lock management program or a program of each device.
  • a functional element realized by software may be referred to as each unit of each device of the electronic lock system 500.
  • the processor 910 is a device that executes a program of each device.
  • the processor 910 is an IC (Integrated Circuit) that performs arithmetic processing.
  • Specific examples of the processor 910 are a CPU (Central Processing Unit), a DSP (Digital Signal Processor), and a GPU (Graphics Processing Unit).
  • the memory 921 is a storage device that temporarily stores data.
  • a specific example of the memory 921 is an SRAM (Static Random Access Memory) or a DRAM (Dynamic Random Access Memory).
  • the storage 922 is a storage device that stores data.
  • a specific example of the storage 922 is an HDD.
  • the storage 922 may be a portable storage medium such as an SD (registered trademark) memory card, CF, NAND flash, flexible disk, optical disk, compact disk, Blu-ray (registered trademark) disk, or DVD.
  • SD (registered trademark) is an abbreviation for Secure Digital.
  • CF is an abbreviation for CompactFlash®.
  • DVD is an abbreviation for Digital Versatile Disk.
  • the input interface 930 is a port connected to an input device such as a mouse, a keyboard, or a touch panel.
  • the input interface 930 is, specifically, a USB (Universal Serial Bus) terminal.
  • the input interface 930 may be a port connected to a LAN.
  • the output interface 940 is a port to which a cable of an output device such as a display is connected.
  • the output interface 940 is, specifically, a USB terminal or an HDMI (registered trademark) (High Definition Multimedia Interface) terminal.
  • the display is, specifically, an LCD (Liquid Crystal Display).
  • the communication interface 950 is connected to the receiver and the transmitter.
  • the communication interface 950 is wirelessly connected to a communication network such as a LAN, the Internet, or a telephone line.
  • the communication interface 950 is, specifically, a communication chip or an NIC (Network Interface Card).
  • the program of each device is read by the processor 910 and executed by the processor 910.
  • the memory 921 stores not only a program of each device but also an OS (Operating System).
  • the processor 910 executes a program of each device while executing the OS.
  • the program and OS of each device may be stored in the storage 922.
  • the program and OS of each device stored in the storage 922 are loaded into the memory 921 and executed by the processor 910. A part or all of the program of each device may be incorporated in the OS.
  • Each device may include a plurality of processors instead of the processor 910. These processors share the execution of the program of each device.
  • Each processor is a device that executes a program of each device, similarly to the processor 910.
  • Data, information, signal values, and variable values used, processed, or output by the program of each device are stored in the memory 921, the storage 922, or a register or cache memory in the processor 910.
  • the “unit” of each unit of each device may be read as “processing”, “procedure” or “step”. Further, each “process” obtained by replacing “unit” with “process” may be read as “program”, “program product” or “computer-readable storage medium storing the program”.
  • the program of each device causes the computer to execute each process, procedure or step obtained by replacing the “unit” of each unit of each device with “process”, “procedure” or “step”.
  • the electronic lock management method is a method performed by the electronic lock system 500 executing the electronic lock management program.
  • the electronic lock management program may be provided by being stored in a computer-readable recording medium. Further, the electronic lock management program may be provided as a program product.
  • Secret information storage process S100: the operation of the secret information storage process S100 according to the present embodiment will be described with reference to FIG.
  • the secret information storage processing S100 is executed by the server device 100.
  • the secret information storage unit 140 stores the secret key and the certificate of the public key corresponding to the secret key in the memory 921 as the secret information 31.
  • step S101: the input unit 150 of the server device 100 acquires a secret key and a digital certificate of the public key corresponding to the secret key. Specifically, the input unit 150 acquires a private key for a PKI (Public Key Infrastructure) digital signature scheme together with the public key of that pair in the form of a digital certificate.
  • step S102 the secret information storage unit 140 of the server device 100 stores a set of the secret key and the certificate as the secret information 31.
  • the digital signature is, for example, a signature using RSA (registered trademark), DSA, or ECDSA.
  • the secret information 31 includes a building ID (IDentifier) 311, a secret key 312, and a certificate 313.
  • the building ID 311 is an identifier for identifying a building managed by the management device 300. That is, a set of the secret key 312 and the certificate 313 is obtained for each building.
  • step S111 the server communication unit 110 of the server device 100 transmits the certificate 313 as the verification information 41 to the opening / closing system 600.
  • the server communication unit 110 transmits the certificate 313 as the verification information 41 to the management device 300 of the opening / closing system 600.
  • step S112 the management communication unit 310 of the management device 300 receives the verification information 41 from the server device 100 via the communication network 610.
  • the management communication unit 310 transmits the verification information 41 to the key opening / closing device 400 via the equipment network 620. That is, the management device 300 distributes the verification information 41 to all the key opening / closing devices 400 to be managed.
  • step S113 the verification information storage unit 420 of the key opening / closing device 400 stores the verification information 41 received from the management communication unit 310 in the memory 921.
  • the verification information delivery process S110 is performed when a new set of a secret key and a certificate is input to the server device 100.
  • the generation process S20 includes an authentication information generation process S120 and an authenticated information delivery process S130 described below.
  • the generation unit 160 acquires the user authority information 32, and generates authenticated information for authenticating the validity of the unlocking authority of the user using the user authority information 32 and the secret key 312.
  • the user authority information 32 is information in which a user identifier for identifying a user who uses the facility 401 is associated with a facility identifier for identifying the facility 401 which is permitted to be unlocked by the user.
  • FIG. 9 is a diagram illustrating an example of the user authority information 32 according to the present embodiment.
  • the user authority information 32 includes a building ID 321, a user ID 322, and a door ID 323.
  • the building ID 321 is an identifier for identifying a building managed by the management device 300.
  • the user ID 322 is a user identifier for identifying a user.
  • the door ID 323 is a facility identifier for identifying the door as the facility 401.
  • step S121 the input unit 150 acquires the user authority information 32.
  • the user authority information 32 is a combination of a building ID for identifying a building, a user ID for identifying a user, and a door ID for identifying a door through which the user can pass.
  • the input unit 150 accepts the input of the user authority information 32 as, for example, a CSV (comma-separated values) file or a file in another format.
  • step S122 the unlocking authority generation unit 120 of the server device 100 generates the unlocking authority data 33 indicating the unlocking authority using the user ID and the door ID.
  • the unlocking authority generation unit 120 generates, as the unlocking authority data 33, a character string in which the user ID is linked to the door ID of the door the user may pass through. Note that the unlocking authority generation unit 120 need not retain the data received by the input unit 150 after generating the unlocking authority data 33.
  • FIG. 11 is a diagram showing an example of unlocking authority data 33 and authenticated information 35 according to the present embodiment.
  • the unlocking authority data 33 is a data string represented as a character string or a binary string in which the user ID and the door ID can be clearly identified.
  • FIG. 11 shows an example of the XML format.
  • a format such as a csv format, a json format, or a character string delimited by an appropriate delimiter may be used.
  • step S123: the authentication information generation unit 130 of the server device 100 generates a digital signature over the unlocking authority data 33 using the secret key 312, and sets the generated signature as the authentication information 34 that authenticates the unlocking authority data 33. As shown in FIG. 11, the authentication information generation unit 130 then outputs the set of the unlocking authority data 33 and the authentication information 34, that is, the unlocking authority data 33 with the authentication information 34 added, to the server communication unit 110 as the authenticated information 35.
  • step S131 the server communication unit 110 of the server device 100 transmits the authenticated information 35 to the terminal device 200.
  • step S132 the terminal communication unit 210 of the terminal device 200 receives the authenticated information 35.
  • step S133 the authenticated information storage unit 220 of the terminal device 200 stores the authenticated information 35 received by the terminal communication unit 210 in the memory 921.
  • the server device 100 transmits the unlocking authority data 33 and the authentication information 34 to the terminal device 200 and stores them.
  • the start of communication may be push communication by the server device 100 or pull communication by the terminal device 200.
  • the authenticated information delivery processing S130 is performed when a new set of a secret key and a certificate is input to the server device 100.
  • step S141 the short-range communication unit 430 of the key opening / closing device 400 receives the authenticated information 35 from the terminal device 200 by short-range wireless communication. Specifically, the terminal device 200 of the user who wants to use the door as the facility 401 is held over the key opening / closing device 400 installed near the door. Then, the short-range communication unit 430 receives the authenticated information 35 from the short-range communication unit 230 of the terminal device 200 via the short-range wireless network 630.
  • step S142: upon receiving the authenticated information 35 from the terminal device 200 by short-range wireless communication, the verification unit 440 of the key opening / closing device 400 verifies the validity of the unlocking authority using the authenticated information 35 and the verification information 41 stored in the verification information storage unit 420.
  • step S143 the verification unit 440 verifies whether the unlocking authority data 33 included in the authenticated information 35 is valid.
  • specifically, the verification unit 440 verifies the authentication information 34, the digital signature included in the authenticated information 35, using the verification information 41, the digital certificate containing the public key for verification, and thereby confirms that the unlocking authority data 33 is valid.
  • that is, the verification unit 440 applies the signature verification algorithm of the digital signature scheme to the set of the unlocking authority data 33 and the digital signature, together with the digital certificate containing the verification public key, and confirms that the unlocking authority data 33 has not been tampered with. If the unlocking authority data 33 is valid, the process proceeds to step S144. If the unlocking authority data 33 is not valid, the process ends.
  • step S144: the verification unit 440 verifies whether the door ID, the equipment identifier included in the unlocking authority data 33, is valid. Specifically, the verification unit 440 verifies whether the unlocking authority data 33 includes, as the door ID, the equipment identifier of the equipment 401 corresponding to this key opening / closing device 400. If the door ID is valid, the process proceeds to step S145. If the door ID is not valid, the process ends.
  • step S145 when the validity of the unlocking authority is verified by the verification unit 440, the unlocking unit 450 of the key opening / closing device 400 unlocks the electronic lock 402.
  • the unlocking unit 450 determines that the unlocking authority is valid when both the validity of the unlocking authority data 33 and the validity of the door ID included in it have been confirmed.
  • if either the validity of the unlocking authority data 33 or the validity of the door ID included in the unlocking authority data 33 cannot be confirmed, the unlocking unit 450 determines that the unlocking authority is not valid, and the process is terminated without unlocking the electronic lock 402.
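As an added illustration (not code from the patent or from the applicant), the following Go program models the generation process S20 and the unlocking process S140 end to end: the server signs unlocking authority data 33 with its secret key, and the door device checks the signature against the public key taken from verification information 41 and then checks its own door ID, without contacting the server. ECDSA P-256 with SHA-256, a self-signed certificate, a JSON encoding of data 33 and the building, user and door IDs are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// UnlockingAuthority plays the role of unlocking authority data 33 (JSON here; the page allows XML, CSV or JSON).
type UnlockingAuthority struct {
	UserID string `json:"user_id"`
	DoorID string `json:"door_id"`
}

// AuthenticatedInfo is authenticated information 35: data 33 plus its signature (authentication information 34).
type AuthenticatedInfo struct{ Data, Signature []byte }

// Server keeps secret information 31: the secret key and the certificate of the matching public key.
// ECDSA over P-256 with SHA-256 is an assumption; the page only says RSA, DSA or ECDSA.
type Server struct {
	priv    *ecdsa.PrivateKey
	CertDER []byte // verification information 41, delivered once to every door (S110)
}

// NewServer stands in for secret information storage process S100. The certificate is
// self-signed for this example; in a deployment it would be issued by the building's PKI.
func NewServer(buildingID string) (*Server, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: buildingID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv, CertDER: der}, nil
}

// Issue is generation process S20: build data 33 (S122) and sign it with the secret key (S123).
func (s *Server) Issue(userID, doorID string) (AuthenticatedInfo, error) {
	data, err := json.Marshal(UnlockingAuthority{UserID: userID, DoorID: doorID})
	if err != nil {
		return AuthenticatedInfo{}, err
	}
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
	if err != nil {
		return AuthenticatedInfo{}, err
	}
	return AuthenticatedInfo{Data: data, Signature: sig}, nil
}

// Door is a key opening / closing device 400: it stores only its own door ID and the
// public key taken from verification information 41 (S113). It never sees the secret key.
type Door struct {
	DoorID string
	pub    *ecdsa.PublicKey
}

// NewDoor parses the delivered certificate and keeps its public key for verification.
func NewDoor(doorID string, certDER []byte) (*Door, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("verification information does not carry an ECDSA public key")
	}
	return &Door{DoorID: doorID, pub: pub}, nil
}

// Verify is the offline decision of unlocking process S140: S143 checks the signature with
// the stored public key, then S144 checks that data 33 names this door. No server round trip.
func (d *Door) Verify(ai AuthenticatedInfo) error {
	digest := sha256.Sum256(ai.Data)
	if !ecdsa.VerifyASN1(d.pub, digest[:], ai.Signature) {
		return fmt.Errorf("S143: signature invalid, unlocking authority data rejected")
	}
	var ua UnlockingAuthority
	if err := json.Unmarshal(ai.Data, &ua); err != nil {
		return err
	}
	if ua.DoorID != d.DoorID {
		return fmt.Errorf("S144: data permits door %q, this device is door %q", ua.DoorID, d.DoorID)
	}
	return nil // both checks passed: unlocking unit 450 may unlock (S145)
}
```

A door that receives data signed for a different door, or data whose bytes were altered after signing, stays locked; only the order of the two checks (signature first, then door ID) matters for correctness.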
  • each unit of each device of the electronic lock system 500 is realized by software.
  • the function of each unit of each device of the electronic lock system 500 may be realized by hardware.
  • each device of the electronic lock system 500 includes an electronic circuit instead of the processor 910.
  • the electronic circuit is a dedicated electronic circuit that realizes the function of each unit of each device of the electronic lock system 500.
  • the electronic circuit is, specifically, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, a logic IC, a GA, an ASIC, or an FPGA.
  • GA is an abbreviation for Gate Array.
  • ASIC is an abbreviation for Application Specific Integrated Circuit.
  • FPGA is an abbreviation for Field-Programmable Gate Array.
  • the function of each unit of each device of the electronic lock system 500 may be realized by one electronic circuit, or may be realized by being distributed to a plurality of electronic circuits. As another modification, some functions of each unit of each device of the electronic lock system 500 may be realized by an electronic circuit, and the remaining functions may be realized by software.
  • each of the processor and the electronic circuit is also called processing circuitry. That is, in each device of the electronic lock system 500, the function of each unit is realized by processing circuitry.
  • the validity of the unlocking authority, that is, the fact that the unlocking authority data has not been falsified and its contents are correct, is protected by a digital signature.
  • the key opening / closing device holds the public key certificate required for signature verification. Therefore, according to the electronic lock system 500 of the present embodiment, the key opening / closing device can decide whether to unlock without communicating with the server device.
  • since the key opening / closing device can verify the validity of the unlocking authority without communicating with the management device, the amount of communication required for the unlocking decision is reduced. Further, since the server device and the plurality of key opening / closing devices need not communicate with each other individually, the connection points between the external network and the building network can be restricted, which keeps the number of information security management targets from increasing. As a secondary effect, the server device does not need to store the combination of each user and the doors that user may unlock.
  • Embodiment 2. In the present embodiment, points different from Embodiment 1 will be mainly described. The same components as those in the first embodiment are denoted by the same reference numerals, and their description may be omitted.
  • the configuration of electronic lock system 500a according to the present embodiment will be described with reference to FIG.
  • the electronic lock system 500a according to the present embodiment is different from the first embodiment in that the key opening / closing device 400a does not include the verification information storage unit 420 and the verification unit 440.
  • the management device 300a includes a verification information storage unit 320 and a verification unit 340 having the same functions as the verification information storage unit 420 and the verification unit 440.
  • in step S111, the server communication unit 110 transmits the certificate 313 as the verification information 41 to the management device 300a.
  • the process of step S111 is the same as step S111 of FIG. 8 described in the first embodiment.
  • in step S114a, the verification information storage unit 320 of the management device 300a stores the verification information 41 received from the server device 100 in the memory 921.
  • in step S141, the short-range communication unit 430 of the key opening / closing device 400a receives the authenticated information 35 from the terminal device 200 by short-range wireless communication.
  • the processing in step S141 is the same as step S141 in FIG. 13 described in the first embodiment.
  • in step S146a, the device communication unit 410 of the key opening / closing device 400a transmits the authenticated information 35 received by the short-range communication unit 430 to the management device 300a.
  • the device communication unit 410 transfers the authenticated information 35 to the management device 300a via the equipment network 620.
  • in step S143a, the verification unit 340 of the management device 300a verifies whether the unlocking authority data 33 included in the authenticated information 35 transmitted from the device communication unit 410 is valid. If the unlocking authority data 33 is valid, the process proceeds to step S144a. If the unlocking authority data 33 is not valid, the process ends.
  • in step S144a, the verification unit 340 verifies whether the door ID, which is the equipment identifier included in the unlocking authority data 33, is valid. If the door ID is valid, the process proceeds to step S147a. If the door ID is not valid, the process ends.
  • the processing of the verification unit 340 in steps S143a and S144a is the same as the processing in steps S143 and S144 of FIG. 13 described in the first embodiment. However, in the present embodiment, this processing is performed by the management device 300a, so the door ID must be compared with the equipment identifier of the key opening / closing device 400a that forwarded the authenticated information 35, not with any door the management device manages.
  • in step S147a, the verification unit 340 determines that the unlocking authority is valid when the validity of the unlocking authority data 33 has been confirmed and the validity of the door ID included in the unlocking authority data 33 has been confirmed.
  • the verification unit 340 transmits an unlock command instructing that the electronic lock 402 be unlocked to the key opening / closing device 400a via the management communication unit 310.
  • in step S145a, upon receiving the unlock command from the verification unit 340, the unlocking unit 450 of the key opening / closing device 400a unlocks the electronic lock 402.
  • the secret information storage processing, the authentication information generation processing, and the authenticated information delivery processing are the same as in the first embodiment.
  • Embodiment 3. In the present embodiment, points different from the second embodiment will be mainly described.
  • the same components as those in the first and second embodiments are denoted by the same reference numerals, and description thereof may be omitted.
  • the server device 100b of the present embodiment includes a server encryption unit 161 in addition to the components of the server devices 100 of the first and second embodiments.
  • the terminal device 200b according to the present embodiment includes a terminal encryption unit 240 and a terminal decryption unit 250 in addition to the terminal device 200 according to the second embodiment.
  • the key opening / closing device 400b according to the present embodiment includes a device decryption unit 460 in addition to the key opening / closing device 400a according to the second embodiment.
  • server device 100b includes a server encryption unit 161 that encrypts authenticated information.
  • the server communication unit 110 transmits the encrypted authenticated information to the terminal device 200b.
  • the terminal communication unit 210 of the terminal device 200b receives the encrypted authenticated information from the server communication unit 110.
  • the terminal decryption unit 250 decrypts the encrypted authenticated information received by the terminal communication unit 210.
  • the authenticated information storage unit 220 stores the authenticated information obtained by decrypting the encrypted authenticated information.
  • the terminal encryption unit 240 encrypts the authenticated information stored in the authenticated information storage unit 220.
  • the short-range communication unit 230 of the terminal device 200b transmits the authenticated information encrypted by the terminal encryption unit 240 to the key opening / closing device 400b.
  • the device decryption unit 460 of the key opening / closing device 400b decrypts the authenticated information encrypted by the terminal encryption unit 240.
  • in step S134b, the server encryption unit 161 encrypts the authenticated information 35, which is the set of the unlocking authority data 33 and the authentication information 34. Specifically, the server encryption unit 161 performs the encryption using SSL (Secure Sockets Layer) / TLS (Transport Layer Security); in practice this means TLS, as SSL is obsolete. By encrypting the authenticated information while it is in transit, the authenticated information is protected from eavesdropping.
  • in step S131b, the server communication unit 110 transmits the encrypted authenticated information to the terminal device 200b.
  • in step S132b, the terminal communication unit 210 receives the encrypted authenticated information.
  • in step S135b, the terminal decryption unit 250 decrypts the encrypted authenticated information to obtain the authenticated information 35.
  • in step S133b, the authenticated information storage unit 220 stores the authenticated information 35 obtained by decryption in the memory 921.
  • in step S148b, the terminal encryption unit 240 of the terminal device 200b encrypts the authenticated information 35 stored in the authenticated information storage unit 220.
  • the terminal encryption unit 240 may rely on the link encryption that Bluetooth (registered trademark) establishes at pairing time.
  • alternatively, the terminal encryption unit 240 may independently perform encryption using another encryption method. Either way, by encrypting the authenticated information while it is in transit, the authenticated information is protected from eavesdropping.
  • the short-range communication unit 430 receives the authenticated information encrypted by the terminal encryption unit 240 from the terminal device 200b by short-range wireless communication.
  • in step S149b, the device decryption unit 460 of the key opening / closing device 400b decrypts the authenticated information received from the terminal device 200b, which was encrypted by the terminal encryption unit 240, and obtains the authenticated information 35.
  • in step S146ab, the device communication unit 410 transmits the authenticated information 35 obtained by the decryption to the management device 300a.
  • the processing after step S143a is the same as the processing after step S143a in FIG. 16 described in the second embodiment.
  • the secret information storage process, the verification information delivery process, and the authentication information generation process are the same as in the second embodiment.
  • according to the electronic lock system of the present embodiment, the unlocking authority data and the authentication information are hidden from outsiders by encrypting them on the communication path.
  • this prevents an outsider who does not hold the unlocking authority from illegitimately capturing the unlocking authority data and authentication information of a legitimate user and resending them to unlock the lock; that is, it prevents replay of captured data and improves security. Note that transport encryption only denies the data to an eavesdropper: the authenticated information itself carries no freshness value, so a party who already holds it in plaintext can present it again until the verification information is changed or the authority is revoked (see Embodiment 5).
  • Embodiment 4. In the present embodiment, points different from the second embodiment will be mainly described.
  • the same components as those in the first to third embodiments are denoted by the same reference numerals, and description thereof may be omitted.
  • the configuration of electronic lock system 500c according to the present embodiment will be described using FIG.
  • the management device 300c of the present embodiment includes a log collection unit 350 in addition to the management device 300a of the second embodiment.
  • the unlocking process S140c according to the present embodiment is different from the unlocking process S140a according to the second embodiment in that the unlocking log 351 is collected by the log collection unit 350 before the process ends.
  • the log collection unit 350 records an unlocking log.
  • in step S143a or step S144a, if the unlocking authority data 33 is not valid or the door ID is not valid, the log collection unit 350 also records an unlocking log.
  • the other processes from step S141 to step S145a are the same as those in FIG. 16 of the second embodiment.
  • in step S451, when the electronic lock 402 has been unlocked by the unlocking unit 450, the log collection unit 350 collects, as the unlocking log 351, a log containing the time at which the electronic lock 402 was unlocked, the user ID as the user identifier, the door ID as the equipment identifier, and the unlocking result.
  • specifically, the log collection unit 350 receives from the key opening / closing device 400a an unlock report reporting that the electronic lock 402 has been unlocked.
  • the log collection unit 350 sets, for example, the time at which the unlock report was received as the time at which the electronic lock 402 was unlocked in the unlocking log 351. If the verification unit 340 fails to verify the validity of the unlocking authority, the log collection unit 350 collects, as the unlocking log 351, the time at which the verification of the validity of the unlocking authority failed, the user ID, the door ID, and the result of the verification.
  • FIG. 22 is a diagram illustrating an example of the unlocking log 351 according to the present embodiment.
  • in the unlocking log 351, a user ID, a door ID, the unlocking authority data, the authentication information, a result, and a time are set.
  • by recording the unlocking authority data and the authentication information that were used, it is possible to record the fact that an unauthorized unlocking authority was used, and which one. If only normal passage needs to be confirmed, it is sufficient to record the user ID, the door ID, the result, and the time.
  • in that case, the unlocking authority data and the authentication information may be omitted.
  • the secret information storage process, the verification information delivery process, the authentication information generation process, and the authenticated information delivery process are the same as those in the second embodiment.
  • as a modification, the key opening / closing device may include a time acquisition unit that acquires the current time.
  • in that case, the device communication unit obtains from the time acquisition unit the time at which the electronic lock was unlocked by the unlocking unit, and transmits this time to the management device inside the unlock report that reports the unlocking. Since the key opening / closing device includes the time acquisition unit, the time at which the electronic lock was unlocked can be set more accurately in the unlocking log.
  • alternatively, the key opening / closing device may acquire from the time acquisition unit the time at which the unlock instruction was received from the management device, include that time in the unlock report, and transmit it to the management device. Further, recording may be performed only when unlocking is actually carried out, in which case the process may end without recording a log when the determination in step S143a or step S144a is NO. Since the unlocking log then contains only successful unlockings, the unlocking result field may also be omitted. Note that this variant discards the record of rejected attempts, which is the evidence that would reveal a forged or revoked unlocking authority being presented.
  • Embodiment 5. In the present embodiment, points different from the second embodiment will be mainly described. The same components as those in Embodiments 1 to 4 are denoted by the same reference numerals, and their description may be omitted.
  • the server device 100d according to the present embodiment includes, in addition to the server devices 100 according to the first and second embodiments, an unlocking authority storage unit 170 and a revocation information generation unit 180.
  • the management device 300d according to the present embodiment includes a revocation information storage unit 360 in addition to the management device 300a according to the second embodiment.
  • the processing from step S121 to step S123 is the same as the processing from step S121 to step S123 in FIG. 10 described in the first embodiment.
  • in step S124d, upon acquiring the user authority information 32, the unlocking authority generation unit 120 calculates a hash value of the unlocking authority data 33 generated from the acquired user authority information 32.
  • in step S125d, the unlocking authority generation unit 120 determines whether the unlocking authority storage unit 170 already stores a hash value of unlocking authority data 33 for the target user, that is, whether the user already holds an unlocking authority. If such a hash value is stored, the process proceeds to step S126d. If no hash value is stored, the process proceeds to step S127d.
  • FIG. 25 is a diagram showing a configuration of the unlocking authority storage unit 170 according to the present embodiment.
  • the unlocking authority storage unit 170 stores a hash value of the unlocking authority data 33 together with a user identifier. Specifically, a building ID, a user ID as the user identifier, and an unlocking authority ID, which is the hash value of the unlocking authority data 33, are stored in association with each other.
  • the hash value is a character string or a binary string obtained by inputting the unlocking authority data 33 to a hash function that can be computed quickly.
  • the specific examples given for such a hash function are CRC (Cyclic Redundancy Check) and MD5 (Message Digest Algorithm 5). Note that neither is collision resistant: two different unlocking authority data strings can share a CRC trivially, and MD5 collisions can be constructed. Since the hash is the key by which an authority is revoked, a collision-resistant hash such as SHA-256 avoids a revocation entry for an old authority matching a new, valid one.
  • in step S126d, when a hash value for the target user is stored in the unlocking authority storage unit 170, the revocation information generation unit 180 generates the revocation information 181 from the hash value stored in the unlocking authority storage unit 170. Then, the revocation information generation unit 180 transmits the revocation information 181 to the management device 300d via the server communication unit 110.
  • in step S127d, the unlocking authority storage unit 170 stores the hash value of the unlocking authority data 33 generated by the unlocking authority generation unit 120 in the memory 921. Specifically, the unlocking authority storage unit 170 stores the building ID, the user ID as the user identifier, and the unlocking authority ID, which is the hash value of the unlocking authority data 33, in association with each other.
  • in summary, the server device 100d calculates the hash value of the unlocking authority data 33.
  • the server device 100d stores the building ID, the user ID, and the hash value of the unlocking authority data 33 in the unlocking authority storage unit 170 in association with each other.
  • if the target user already has an unlocking authority, that is, if a record for the user exists in the unlocking authority storage unit 170, the server device 100d transmits the stored (previous) unlocking authority hash to the management device 300d as the revocation information 181.
  • FIG. 26 is a diagram illustrating an example of the revocation information 181 according to the present embodiment.
  • the revocation information 181 can be configured as a data string, composed of a character string or a binary string, indicating the user ID and the hash value of the unlocking authority data 33.
  • a digital signature may be attached to the revocation information 181, and the management device 300d may then accept the revocation information 181 only when its validity can be confirmed. Without such a check, any party able to send data to the management device could inject revocation entries and lock legitimate users out.
  • when the input unit 150 acquires the secret information 31 (step S101), the input unit 150 determines in step S103d whether secret information 31 is already stored in the secret information storage unit 140. If secret information 31 is stored, the process proceeds to step S104d. If no secret information 31 is stored, the process proceeds to step S102. In step S104d, the input unit 150 initializes the hash values and user identifiers of unlocking authority data 33 stored in the unlocking authority storage unit 170. Then, the secret information storage unit 140 stores the secret information 31 (step S102).
  • that is, when the secret information (the signing key) is replaced, the server device 100d initializes the unlocking authority storage unit 170 by deleting all the hash values of unlocking authority data 33 stored so far, since authorities signed under the previous key no longer verify against the new verification information.
  • in step S105d, the management device 300d receives the revocation information 181 transmitted from the server device 100d.
  • in step S106d, the revocation information storage unit 360 stores the revocation information 181 transmitted from the server device 100d.
  • FIG. 27 is a diagram showing a configuration of the revocation information storage unit 360 according to the present embodiment.
  • the revocation information storage unit 360 stores a user ID as the user identifier and a revocation information ID, which is the hash value of the unlocking authority data 33, in association with each other.
  • the revocation information ID is the same as the unlocking authority ID in the unlocking authority storage unit 170 of the server device 100d, that is, the hash value of the unlocking authority data 33.
  • FIG. 30 illustrates the operation of the unlocking process S140d according to the present embodiment.
  • steps S141 and S146a are the same as those in FIG. 16 described in the second embodiment.
  • the management device 300d receives the authenticated information 35 from the key opening / closing device 400a (step S146a).
  • the verification unit 340 calculates the hash value of the unlocking authority data 33 included in the authenticated information 35.
  • in step S453d, the verification unit 340 determines whether the calculated hash value of the unlocking authority data 33 is stored in the revocation information storage unit 360. If the calculated hash value is stored, the unlocking authority has been revoked, and the process of verifying the validity of the unlocking authority ends there without unlocking.
  • if the calculated hash value is not stored, the process proceeds to step S143a. Thereafter, in steps S143a to S145a, the process of verifying the validity of the unlocking authority is performed. Steps S143a to S145a are the same as those in FIG. 16 described in the second embodiment.
  • in other words, the hash value of the presented unlocking authority is calculated, and it is checked whether the set of the user ID and the hash value is stored in the revocation information storage unit 360. If it is stored, the unlocking authority is regarded as revoked and the lock is not opened. Otherwise, the validity of the unlocking authority is verified as in the configuration of the second embodiment.
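The hash-based revocation of steps S124d to S127d on the server and step S453d on the management device, as an added example that is not the patent's code. SHA-256 is used where the text suggests CRC or MD5, the (building ID, user ID) key and the newline encoding of the unlocking authority data are assumptions, and one edge case the text does not mention is handled: re-delivering an unchanged authority does not emit a revocation entry, because that entry would revoke the new copy along with the old one.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// authorityData is the assumed encoding of the unlocking authority data 33.
func authorityData(buildingID, userID, doorID string) []byte {
	return []byte(buildingID + "\n" + userID + "\n" + doorID + "\n")
}

// AuthorityID is the hash value used as unlocking authority ID (server side)
// and revocation information ID (management side). The patent names CRC or
// MD5 as fast hashes; SHA-256 is used here because a collision between an
// old and a new authority would make the revocation entry hit the new one.
func AuthorityID(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// RevocationInfo mirrors revocation information 181: user ID plus hash.
type RevocationInfo struct {
	UserID       string
	RevocationID string
}

// Server holds the unlocking authority storage unit 170, keyed by building ID
// and user ID (an assumption; the patent stores the triple as one record).
type Server struct {
	authorities map[string]string // "buildingID/userID" -> unlocking authority ID
}

func NewServer() *Server { return &Server{authorities: map[string]string{}} }

// IssueAuthority performs steps S124d to S127d and returns the new unlocking
// authority data together with the revocation entry for the previous one, if any.
func (s *Server) IssueAuthority(buildingID, userID, doorID string) ([]byte, *RevocationInfo) {
	data := authorityData(buildingID, userID, doorID)
	id := AuthorityID(data) // S124d
	key := buildingID + "/" + userID
	var rev *RevocationInfo
	if old, exists := s.authorities[key]; exists && old != id { // S125d, S126d
		// Added edge case: an unchanged authority re-sent to the same user has
		// the same hash as the stored one, so revoking it would revoke the new copy too.
		rev = &RevocationInfo{UserID: userID, RevocationID: old}
	}
	s.authorities[key] = id // S127d
	return data, rev
}

// Reset is step S104d: new secret information invalidates every stored hash.
func (s *Server) Reset() { s.authorities = map[string]string{} }

// Manager holds the revocation information storage unit 360.
type Manager struct {
	revoked map[RevocationInfo]bool
}

func NewManager() *Manager { return &Manager{revoked: map[RevocationInfo]bool{}} }

// Receive is steps S105d and S106d.
func (m *Manager) Receive(r RevocationInfo) { m.revoked[r] = true }

// IsRevoked is step S453d: the pair (user ID, hash) is looked up before the
// signature and door ID checks of S143a and S144a are run.
func (m *Manager) IsRevoked(userID string, data []byte) bool {
	return m.revoked[RevocationInfo{UserID: userID, RevocationID: AuthorityID(data)}]
}

func main() {
	s, m := NewServer(), NewManager()
	d1, _ := s.IssueAuthority("B001", "U042", "D101")
	d2, rev := s.IssueAuthority("B001", "U042", "D102") // the user's authority changed
	if rev != nil {
		m.Receive(*rev)
	}
	fmt.Println("old revoked:", m.IsRevoked("U042", d1), "new revoked:", m.IsRevoked("U042", d2))
}
```

The revocation list only ever needs the hash and user ID, never the authority data itself, which is why the patent can keep the management device ignorant of which doors each user may open.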
  • according to the electronic lock system 500d of the present embodiment, when the unlocking authority of a user is updated, the server device delivers to the management device revocation information that invalidates the previous authentication information of that specific user.
  • at the same time, a new unlocking authority is given to the terminal device by the server device.
  • since authentication information, once issued, remains valid as long as the verification information is not changed, there is otherwise a risk that a past unlocking authority is used to unlock a door that the user is no longer permitted to pass.
  • in the present embodiment, the past unlocking authority is invalidated by the revocation information, which prevents this degradation of security.
  • when the unlocking authorities of many users change at once, the entire system can instead be reset by updating the private key and public key of the digital signature of the server device, which invalidates every previously issued authentication information.
  • the present embodiment is effective for updating unlocking authorities one at a time.
  • Embodiment 6. In the present embodiment, points different from Embodiment 5 will be mainly described. The same components as those in Embodiments 1 to 5 are denoted by the same reference numerals, and their description may be omitted.
  • in the present embodiment, the management device 300d of the opening / closing system 600 communicates with the terminal device 200e via a building network 640, which is a network different from the communication network 610. That is, the server device 100e of the present embodiment cannot communicate with the management device 300d via the communication network 610. Further, the server device 100e of the present embodiment includes a time acquisition unit 190 in addition to the components of the server device 100d of FIG. 23 of the fifth embodiment. Further, the terminal device 200e of the present embodiment includes a revocation information storage unit 260 in addition to the components of the terminal device 200 of FIG. 23 of the fifth embodiment.
  • in step S128e, the time acquisition unit 190 acquires the current time.
  • in step S126e, the revocation information generation unit 180 generates the revocation information 181 from the hash value stored in the unlocking authority storage unit 170.
  • the revocation information generation unit 180 transmits the set of the revocation information 181 and the time to all the terminal devices 200e in the target building.
  • that is, when transmitting the revocation information 181, the server device 100e acquires the time from the time acquisition unit 190, associates it with the revocation information 181, and broadcasts the pair to all the terminal devices 200e.
  • FIG. 33 is a diagram showing a configuration of the revocation information storage unit 260 according to the present embodiment.
  • the terminal device 200e stores the user ID and the revocation information ID in the revocation information storage unit 260 in association with the time at which the revocation information 181 was generated.
  • in step S11e, the terminal device 200e receives the set of the revocation information 181 and the time transmitted from the server device 100e.
  • in step S12e, the revocation information storage unit 260 stores the set of the revocation information 181 and the time transmitted from the server device 100e. In this way, every terminal device 200e that has received the revocation information 181 temporarily holds it in its own revocation information storage unit 260.
  • in step S13e, when a communication path between the terminal device 200e and the management device 300d is established, the management device 300d transmits to the terminal device 200e the latest time among the times associated with the revocation information 181 held in the revocation information storage unit 360.
  • the terminal device 200e then transmits to the management device 300d only the revocation information 181 generated at a time later than the time received from the management device 300d (steps S14e and S15e). Thereafter, in step S16e, the terminal device 200e deletes all the revocation information 181 stored in its revocation information storage unit 260.
  • the terminal device 200e may instead transmit the revocation information 181 to the key opening / closing device 400a, so that it reaches the management device 300d via the key opening / closing device 400a.
  • the management device 300d receives the set of the revocation information 181 and the time transmitted from the terminal device 200e.
  • the revocation information storage unit 360 stores the set of the revocation information 181 and the time transmitted from the terminal device 200e, and updates the latest time of the revocation information 181.
  • that is, the management device 300d stores the revocation information 181 received from the terminal device 200e in the revocation information storage unit 360, and then stores the latest time among the times associated with the received revocation information 181 as the latest time to be transmitted to the terminal device 200e next time. Because the relaying terminal is an ordinary user's device, the signature option described for the revocation information 181 in Embodiment 5 matters here: the management device should register an entry, and advance its latest time, only when the entry's validity has been confirmed; otherwise a terminal could inject bogus revocations or advance the latest time so that genuine entries are never forwarded.
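The store-and-forward relay of steps S11e to S16e, plus the time-lag check mentioned at the end of this embodiment, as an added example that is not the patent's code. It assumes the unlocking log of Embodiment 4 carries the hash of the unlocking authority that was presented (the patent lists the unlocking authority data itself as an optional log field), and it forwards entries whose time is not earlier than the management device's latest time rather than strictly later, so that two entries generated in the same instant cannot be skipped; receiving an entry twice is harmless because the store is keyed by the revocation information ID.

```go
package main

import (
	"fmt"
	"time"
)

// TimedRevocation is revocation information 181 paired with the time the server
// obtained from its time acquisition unit 190 when generating it (step S128e).
type TimedRevocation struct {
	UserID       string
	RevocationID string
	Generated    time.Time
}

// UnlockLog is one row of the unlocking log 351 of Embodiment 4. AuthorityID is
// an assumption: the hash of the unlocking authority data that was presented.
type UnlockLog struct {
	UserID      string
	AuthorityID string
	DoorID      string
	Time        time.Time
}

// Terminal holds the revocation information storage unit 260 of a user's terminal 200e.
type Terminal struct{ buffer []TimedRevocation }

func NewTerminal() *Terminal { return &Terminal{} }

// Receive is steps S11e and S12e: the broadcast is buffered until a building
// network path to the management device exists.
func (t *Terminal) Receive(r TimedRevocation) { t.buffer = append(t.buffer, r) }

func (t *Terminal) Pending() int { return len(t.buffer) }

// Manager holds the revocation information storage unit 360 and the latest
// time among the entries it has registered.
type Manager struct {
	revoked map[string]TimedRevocation // revocation information ID -> entry
	latest  time.Time
}

func NewManager() *Manager { return &Manager{revoked: map[string]TimedRevocation{}} }

// Latest is the time sent to a terminal in step S13e.
func (m *Manager) Latest() time.Time { return m.latest }

// Register stores one relayed entry and advances the latest time.
func (m *Manager) Register(r TimedRevocation) {
	m.revoked[r.RevocationID] = r
	if r.Generated.After(m.latest) {
		m.latest = r.Generated
	}
}

// Sync runs steps S13e to S16e once a path between terminal and manager is
// established, and returns how many entries were forwarded.
func Sync(t *Terminal, m *Manager) int {
	latest := m.Latest() // S13e
	forwarded := 0
	for _, r := range t.buffer {
		// S14e/S15e: the patent forwards entries generated later than latest;
		// "not earlier than" is used here so equal timestamps are never dropped.
		if !r.Generated.Before(latest) {
			m.Register(r)
			forwarded++
		}
	}
	t.buffer = nil // S16e
	return forwarded
}

// LateUses answers the question raised by this embodiment: which log rows show
// a revoked authority being used after its revocation was generated but before
// the entry reached the management device.
func (m *Manager) LateUses(logs []UnlockLog) []UnlockLog {
	var late []UnlockLog
	for _, l := range logs {
		if r, ok := m.revoked[l.AuthorityID]; ok && l.Time.After(r.Generated) {
			late = append(late, l)
		}
	}
	return late
}

func main() {
	m, term := NewManager(), NewTerminal()
	t0 := time.Date(2018, 6, 21, 9, 0, 0, 0, time.UTC) // constructed sample time
	term.Receive(TimedRevocation{UserID: "U042", RevocationID: "h-old", Generated: t0})
	fmt.Println("forwarded:", Sync(term, m), "latest:", m.Latest())
	fmt.Println("late uses:", m.LateUses([]UnlockLog{{UserID: "U042", AuthorityID: "h-old", DoorID: "D101", Time: t0.Add(90 * time.Second)}}))
}
```

LateUses is the forensic step: once the relay has caught up, every unlocking log row whose authority hash is in the revocation store and whose time is after the stored generation time is a passage that would have been refused had the revocation arrived in time.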
  • in the present embodiment, the terminal device relays the delivery of the revocation information.
  • since another authorized user delivers the revocation information to the management device, the period during which an unauthorized operation remains possible can be limited.
  • according to the electronic lock system 500e of the present embodiment, even when no network exists between the server device and the management device, it is possible to change the unlocking authority of a user using the revocation information while suppressing a decrease in security. There may, however, be a time lag between the revocation of the unlocking authority and the registration of the revocation information.
  • since the time at which the revocation information was generated is stored in association with the revocation information, the electronic lock system 500e can determine, by comparison with the unlocking log, whether anyone passed illegitimately during that time lag. Further, the electronic lock system 500e according to the present embodiment can also be used when unlocking authorities change due to a personnel change.
  • Embodiment 7. In the present embodiment, points different from the second embodiment will be mainly described.
  • the same components as those in Embodiments 1 to 6 are denoted by the same reference numerals, and description thereof may be omitted.
  • in the present embodiment, the unlocking authority is given to a user group rather than to each user individually.
  • the user authority information 32 associates a plurality of user IDs, a user group identifier identifying the user group to which the plurality of users identified by those user IDs belong, and a door ID, which is the facility identifier.
  • the user group identifier is also called a user group ID.
  • the unlocking authority generation unit 120 generates unlocking authority data 33 indicating the unlocking authority of the user group using the plurality of user IDs, the user group ID, and the door ID.
  • the authentication information generation unit 130 generates authentication information 34 for authenticating the unlocking authority data 33 using the unlocking authority data 33 and the secret key, and transmits the authentication information 34 to the terminal devices 200 corresponding to the plurality of users.
  • the user authority information 32 will be described using FIG. 37 and FIG.
  • a plurality of user IDs, a user group ID identifying the user group to which the plurality of users identified by those user IDs belong, and a door ID are associated with each other.
  • in the first embodiment, the user authority information 32 is a set of a building ID, a user ID, and a door ID.
  • in the present embodiment, a user group ID is added to the user authority information 32: the user ID is associated with the user group ID, and the user group ID is associated with the door ID. Thus, users belonging to the same user group ID can unlock the same doors.
  • the unlocking authority data 33 according to the present embodiment will be described with reference to FIG. 39 and FIG. 40.
  • the unlocking authority data 33 in FIG. 39 is a data string, expressed as a character string or a binary string, in which the user group ID, the user IDs, and the door ID can be clearly identified.
  • alternatively, the terminal's own user ID may be added as the first row. In that case, when verifying validity, the first row is skipped and the remainder is treated as the unlocking authority. Because that first row lies outside the signed data, it must not be used for any security decision, and if it is copied into the unlocking log it is a self-reported value only; the list of user IDs inside the signed data is the authoritative one.
  • step S21g the input unit 150 acquires the user authority information 32 including a set of a user ID and a user group ID.
  • step S22g the input unit 150 acquires the user authority information 32 including a set of a user group ID and a door ID.
  • step S122g the unlocking authority generation unit 120 generates unlocking authority data 33 indicating the unlocking authority of the user group using the plurality of user IDs, user group IDs, and door IDs.
  • step S123g the authentication information generation unit 130 generates the authentication information 34 for authenticating the unlocking authority data 33 using the unlocking authority data 33 and the secret key.
  • the server device 100 generates one piece of authentication information 34 for the unlocking authority data 33 generated for each user group. Then, the authentication information generation unit 130 outputs the authenticated information 35 obtained by adding the authentication information 34 to the unlocking authority data 33.
  • step S131g the server communication unit 110 transmits the authenticated information 35 to the terminal devices 200 of all users belonging to the target user group.
  • the processing from step S132 to step S133 is the same as in FIG. 12 of the first embodiment.
  • users belonging to the same user group hold the same authenticated information 35.
  • one piece of authentication information is generated for a plurality of unlocking authorities.
  • users belonging to the same organizational unit are often given the same passage authority. Granting the unlocking authority to such a user group therefore reduces the number of times the unlocking authority data and the authentication information have to be generated, and so reduces the computational load on the server device.
  • Embodiment 8. In the present embodiment, points that differ from Embodiment 5 are mainly described. Components identical to those in Embodiments 1 to 5 are denoted by the same reference numerals, and their description may be omitted.
  • the opening/closing system 600f includes, as a management terminal 200f, a terminal device that communicates with the management device 300f.
  • the management terminal 200f includes a management device storage unit 270 and a verification information storage unit 280 in addition to the configuration of the second embodiment.
  • upon receiving the verification information 41 from the server device 100, the verification information storage unit 280 temporarily stores it.
  • the management device storage unit 270 stores, in association with each other, a management device identifier identifying the management device 300f and secret data 432 generated between the management terminal 200f and the management device 300f.
  • the management device 300f includes a short-range communication unit 380 and a management terminal storage unit 370 in addition to the configuration of the second embodiment.
  • the management terminal storage unit 370 stores the secret data 432 and the management terminal identifier for identifying the management terminal 200f in association with each other.
  • upon receiving from the management terminal 200f an update request for updating the verification information 41, the verification information storage unit 320 updates the stored verification information 41 only when the management terminal that requested the update is registered in the management terminal storage unit 370.
  • FIG. 44 is a diagram showing a configuration of the management terminal storage unit 370 according to the present embodiment.
  • the management terminal storage unit 370 stores a management terminal ID 431 for identifying the management terminal 200f, and secret data 432 shared with the management terminal 200f.
  • a specific example of the secret data 432 is a link key shared by the management terminal 200f and the management device 300f by Bluetooth (registered trademark) pairing.
  • when the secret data 432 is renewed over its lifetime, the information in the management terminal storage unit 370 is updated each time as well.
  • FIG. 45 is a diagram showing a configuration of the management device storage unit 270 according to the present embodiment.
  • the configuration of the management device storage unit 270 is the same as the configuration of the management terminal storage unit 370.
  • the difference is that a management device ID 433 for identifying the management device 300f is stored instead of the management terminal ID 431.
  • FIG. 46 is a diagram showing a configuration of secret information storage processing S210 according to the present embodiment.
  • the management terminal 200f and the management device 300f communicate with each other by the short-range communication unit 230 and the short-range communication unit 380, and share the secret data 432 (steps S211 and S212).
  • the management device 300f accepts an update request for the verification information 41 only from the terminal device sharing the secret data 432, that is, the management terminal 200f. Specifically, Bluetooth (registered trademark) pairing is executed to share a link key.
  • alternatively, the management terminal, or the administrator holding it, may be authenticated by another method, specifically client authentication or password authentication, in which case the short-range communication unit may be omitted.
  • FIG. 47 is a diagram showing a configuration of the verification information temporary storage processing S220 according to the present embodiment.
  • the server device 100 sends the verification information 41 to the management terminal 200f instead of sending it to the management device 300f (Step S221).
  • the terminal device of the administrator that is, the management terminal 200f stores the verification information 41 (Step S222).
  • pull-type communication, in which the management terminal 200f requests acquisition of the verification information 41 from the server device 100, is preferable.
  • FIG. 48 is a diagram showing a configuration of the verification information transfer processing S230 according to the present embodiment.
  • the management terminal 200f transmits an update request for updating the verification information 41 to the management device 300f (step S231).
  • the management device 300f determines whether the management terminal 200f is stored in the management terminal storage unit 370 (step S232).
  • the management device 300f verifies that the communication partner is the valid management terminal 200f, accepts the update of the verification information 41 only when the communication partner is valid, and stores it in the memory (step S233, step S234).
  • Communication by the short-range communication unit may be used only for authentication of the management terminal 200f, and transmission of the verification information 41 may be performed using another communication method, for example, Wi-Fi (registered trademark).
  • when there is no network between the server device and the management device, the management device accepts an update of the verification information only from a special terminal device, namely the management terminal. The electronic lock system 500f according to the present embodiment can therefore be operated even without a network between the server device and the management device. At the same time, by restricting the terminal devices that may update the verification information, security is maintained so that an unauthorized person cannot install forged verification information and then unlock doors illegally with an unauthorized unlocking authority that the forged verification information would deem legitimate.
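Steps S210 to S230 above, as an added example that is not code from the patent or its assignee. The management device keeps a management terminal storage unit 370 (terminal ID to shared secret data 432), the management terminal keeps the matching management device storage unit 270, and an update of the verification information 41 is accepted only from a registered terminal. The Bluetooth link key is stood in for by a random 16-byte secret exchanged in a `pair()` step; the update request is authenticated with an HMAC-SHA256 over its fields and a nonce issued by the management device; the certificate bytes are a constructed placeholder. The class names, field names, identifiers and the nonce are assumptions made for this illustration (the patent describes no nonce).

```python
"""Management device accepts verification-information updates only from a
registered management terminal (added example modelling Embodiment 8)."""
import hashlib
import hmac
import json
import secrets


def canonical(fields: dict) -> bytes:
    """Deterministic byte encoding of the authenticated request fields."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


class ManagementTerminal:
    """Administrator's terminal device 200f."""

    def __init__(self, terminal_id: str):
        self.terminal_id = terminal_id
        self.device_storage = {}        # management device storage unit 270: device ID -> secret data 432
        self.verification_info = None   # verification information storage unit 280

    def store_verification_info(self, verification_info: bytes) -> None:
        """Step S222: keep the certificate received from the server device 100."""
        self.verification_info = verification_info

    def build_update_request(self, device_id: str, nonce: bytes) -> dict:
        """Step S231: update request whose fields are bound to the shared secret by an HMAC."""
        fields = {
            "terminal_id": self.terminal_id,
            "nonce": nonce.hex(),
            "verification_info": self.verification_info.hex(),
        }
        tag = hmac.new(self.device_storage[device_id], canonical(fields), hashlib.sha256).hexdigest()
        return {**fields, "tag": tag}


class ManagementDevice:
    """Management device 300f."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self.terminal_storage = {}      # management terminal storage unit 370: terminal ID -> secret data 432
        self.verification_info = None   # verification information storage unit 320
        self.outstanding_nonces = set()

    def issue_nonce(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding_nonces.add(nonce.hex())
        return nonce

    def handle_update_request(self, request: dict) -> bool:
        """Steps S232 to S234: accept the update only from a registered terminal
        whose request is intact and uses a nonce this device issued."""
        secret = self.terminal_storage.get(request.get("terminal_id"))
        if secret is None:
            return False                # S232: terminal not present in storage unit 370
        nonce_hex = request.get("nonce")
        if nonce_hex not in self.outstanding_nonces:
            return False                # replayed or unsolicited request
        fields = {k: request.get(k) for k in ("terminal_id", "nonce", "verification_info")}
        expected = hmac.new(secret, canonical(fields), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(request.get("tag", ""))):
            return False                # S233: not the registered terminal, or fields altered in transit
        self.outstanding_nonces.discard(nonce_hex)
        self.verification_info = bytes.fromhex(request["verification_info"])   # S234
        return True


def pair(terminal: ManagementTerminal, device: ManagementDevice) -> None:
    """Steps S211/S212: share secret data 432 over short-range communication.
    A random 16-byte value stands in for the Bluetooth link key."""
    secret = secrets.token_bytes(16)
    terminal.device_storage[device.device_id] = secret
    device.terminal_storage[terminal.terminal_id] = secret


def demo() -> dict:
    """Constructed scenario: one registered terminal, one rogue terminal, one tampered request."""
    cert = b"constructed placeholder for the server certificate (verification information 41)"
    admin = ManagementTerminal("mgmt-terminal-01")
    device = ManagementDevice("mgmt-device-A")
    pair(admin, device)
    admin.store_verification_info(cert)                                      # S221/S222

    request = admin.build_update_request(device.device_id, device.issue_nonce())
    accepted = device.handle_update_request(request)                         # S231..S234
    replayed = device.handle_update_request(request)                         # same request a second time

    rogue = ManagementTerminal("rogue-terminal")
    rogue.device_storage[device.device_id] = secrets.token_bytes(16)         # never paired with the device
    rogue.store_verification_info(b"forged certificate")
    unregistered = device.handle_update_request(rogue.build_update_request(device.device_id, device.issue_nonce()))

    tampered = admin.build_update_request(device.device_id, device.issue_nonce())
    tampered["verification_info"] = b"forged certificate".hex()             # altered after the tag was computed
    altered = device.handle_update_request(tampered)

    return {"accepted": accepted, "replayed": replayed, "unregistered": unregistered,
            "altered": altered, "stored_is_genuine": device.verification_info == cert}


if __name__ == "__main__":
    print(demo())
```

The device-issued nonce goes beyond the text: with Bluetooth pairing the encrypted link itself authenticates the peer, but once the verification information travels over another channel such as Wi-Fi, as the embodiment allows, something in the request has to tie it to the paired terminal and stop an old certificate from being replayed.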
  • each unit of each device of the electronic lock system has been described as an independent function block.
  • the configuration of each device of the electronic lock system may not be the configuration as in the above-described embodiment.
  • the functional blocks of each device of the electronic lock system may have any configuration as long as the functions described in the above embodiments can be realized.
  • each device of the electronic lock system is not limited to one device, but may be a system including a plurality of devices.
  • a plurality of parts of the first to eighth embodiments may be combined and implemented.
  • one of these embodiments may be implemented.
  • these embodiments may be implemented in any combination as a whole or a part. That is, in the first to eighth embodiments, it is possible to freely combine the embodiments, or to modify any of the components in each of the embodiments, or omit any of the components in each of the embodiments.

Abstract

A confidential information storage unit (140) stores, as confidential information, a private key and a public key certificate corresponding to the private key. A generation unit (160) acquires user rights information in which a user ID and a door ID identifying equipment capable of being unlocked by the user are associated. The generation unit (160) uses the user rights information and the private key to generate authenticated information for authenticating the validity of unlocking rights for the user. A server communication unit (110) transmits the certificate, as verification information, to an open-close system (600) and transmits the authenticated information to a terminal device (200). When a verification unit (440) receives the authenticated information from the terminal device (200) using short range wireless, the validity of the unlocking rights is verified by using the authenticated information and the verification information. An unlock unit (450) unlocks an electronic lock (402) when the validity of the unlocking rights is verified.

Description

Electronic lock system, electronic lock management method, and electronic lock management program
The present invention relates to an electronic lock system, an electronic lock management method, and an electronic lock management program.
Patent Document 1 describes opening/closing control of electronic locks in a plurality of article receiving boxes equipped with electric locks. In Patent Document 1, the plurality of article receiving boxes are connected to a control unit, and the control unit is connected to a center server via a network. The processing for unlocking is then performed between the center server and the control unit.
Patent Document 1: JP-A-2015-048236
In Patent Document 1, the center server and the control unit communicate with each other when unlocking is determined. If the technique of Patent Document 1 is applied to the security management of a plurality of doors in a large-scale building, each door's key opening/closing device communicates individually with the center server. In a building through whose doors many users pass, the communication volume therefore increases. Moreover, the number of connection points to the external network that must be managed from an information security standpoint increases in proportion to the number of doors.
An object of the present invention is to provide an electronic lock system that safely determines whether to unlock an electronic lock without increasing the communication volume.
The electronic lock system according to the present invention is
an electronic lock system having an opening/closing system that has equipment provided with an electronic lock, a terminal device that communicates with the opening/closing system by short-range wireless, and a server device that communicates with each of the opening/closing system and the terminal device via a communication network, in which
the server device includes:
a secret information storage unit that stores, as secret information, a secret key and a certificate of the public key corresponding to the secret key;
a generation unit that acquires user authority information in which a user identifier identifying a user who uses the equipment is associated with an equipment identifier identifying equipment the user is permitted to unlock, and that generates, using the user authority information and the secret key, authenticated information for authenticating the validity of the user's unlocking authority; and
a server communication unit that transmits the certificate to the opening/closing system as verification information and transmits the authenticated information to the terminal device,
and the opening/closing system includes:
a verification unit that, upon receiving the authenticated information from the terminal device by short-range wireless, verifies the validity of the unlocking authority using the authenticated information and the verification information; and
an unlocking unit that unlocks the electronic lock when the verification unit has verified the validity of the unlocking authority.
In the electronic lock system according to the present invention, the server device uses the user authority information and the secret key to generate authenticated information for authenticating the validity of the user's unlocking authority. The server device also transmits the certificate of the public key corresponding to the secret key to the opening/closing system as verification information. When the opening/closing system acquires the authenticated information from the user by short-range wireless, it verifies the validity of the user's unlocking authority using the authenticated information and the verification information. Thus, with the electronic lock system according to the present invention, unlocking of the electronic lock can be determined safely without increasing the communication volume with the server device.
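The signing and verification flow summarized above, combined with the group unlocking authority data of Embodiment 7 (FIG. 39, steps S122g to S131g), as an added example that is not code from the patent or its assignee. The server device signs one unlocking authority data string per user group with its secret key; the authenticated information (data plus signature) goes to every member's terminal device, and the server's public key goes to the lock as verification information. The verification unit skips the unsigned first row carrying the presenting user's own ID, checks the signature, and then decides from the signed user and door lists. The JSON layout of the data string, the use of Ed25519 from the third-party `cryptography` package, the newline framing, and all identifiers (`grp-floor3`, `u-alice`, `door-301`, and so on) are assumptions made for this illustration; the patent fixes none of them.

```python
"""Group unlocking authority signed once by the server, verified offline at the lock
(added example; layout, signature scheme and identifiers are assumptions)."""
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


def make_unlocking_authority_data(group_id: str, user_ids: list, door_ids: list) -> bytes:
    """Step S122g: one data string in which the user group ID, the user IDs and the
    door IDs are clearly identifiable (assumed layout: compact, key-sorted JSON)."""
    data = {"user_group_id": group_id, "user_ids": sorted(user_ids), "door_ids": sorted(door_ids)}
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()


def make_authenticated_info(secret_key: Ed25519PrivateKey, authority_data: bytes) -> bytes:
    """Step S123g: authentication information 34 (a signature under the server's secret key)
    appended to the unlocking authority data 33 gives the authenticated information 35."""
    signature = secret_key.sign(authority_data)
    return authority_data + b"\n" + signature.hex().encode()


def present_to_lock(own_user_id: str, authenticated_info: bytes) -> bytes:
    """Terminal side: the user's own ID is prepended as a first row that is not signed."""
    return own_user_id.encode() + b"\n" + authenticated_info


def verify_and_decide(verification_info: Ed25519PublicKey, door_id: str, message: bytes) -> bool:
    """Verification unit 440: skip the first row, verify the signature with the
    verification information (the server's public key), then check that the claimed
    user ID and this lock's door ID are both in the signed lists."""
    parts = message.split(b"\n")
    if len(parts) != 3:
        return False
    own_row, authority_data, signature_hex = parts
    try:
        verification_info.verify(bytes.fromhex(signature_hex.decode()), authority_data)
    except (InvalidSignature, ValueError):
        return False  # forged, tampered, or signed by a key the lock does not trust
    data = json.loads(authority_data)
    return own_row.decode() in data["user_ids"] and door_id in data["door_ids"]


def demo() -> dict:
    """Constructed scenario: one group, two users, two doors, one signature."""
    secret_key = Ed25519PrivateKey.generate()      # secret information 140 (server device)
    verification_info = secret_key.public_key()    # delivered to the lock as verification information 41

    authority = make_unlocking_authority_data("grp-floor3", ["u-alice", "u-bob"], ["door-301", "door-302"])
    authenticated = make_authenticated_info(secret_key, authority)   # one piece of info for the whole group

    tampered = authenticated.replace(b"door-302", b"door-999")       # data changed after signing
    forged = make_authenticated_info(Ed25519PrivateKey.generate(), authority)  # signed with an attacker's key

    return {
        "member_own_door": verify_and_decide(verification_info, "door-301", present_to_lock("u-alice", authenticated)),
        "member_other_door": verify_and_decide(verification_info, "door-999", present_to_lock("u-alice", authenticated)),
        "non_member": verify_and_decide(verification_info, "door-301", present_to_lock("u-mallory", authenticated)),
        "tampered_data": verify_and_decide(verification_info, "door-999", present_to_lock("u-alice", tampered)),
        "wrong_key": verify_and_decide(verification_info, "door-301", present_to_lock("u-alice", forged)),
    }


if __name__ == "__main__":
    print(demo())
```

As Embodiment 7 states, every member of a group holds the same authenticated information, and the first row is not covered by the signature: the lock can only confirm that the claimed user ID appears in the signed list, not that the presenting terminal belongs to that user, so that row serves lookup and logging rather than authentication.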
FIG. 1 is a functional configuration diagram of the electronic lock system according to Embodiment 1.
FIG. 2 is a hardware configuration diagram of the server device according to Embodiment 1.
FIG. 3 is a hardware configuration diagram of the terminal device according to Embodiment 1.
FIG. 4 is a hardware configuration diagram of the management device according to Embodiment 1.
FIG. 5 is a hardware configuration diagram of the key opening/closing device according to Embodiment 1.
FIG. 6 is an operation flowchart of the secret information storage process according to Embodiment 1.
FIG. 7 is a diagram showing an example of the secret information according to Embodiment 1.
FIG. 8 is an operation flowchart of the verification information delivery process according to Embodiment 1.
FIG. 9 is a diagram showing an example of the user authority information according to Embodiment 1.
FIG. 10 is an operation flowchart of the authentication information generation process according to Embodiment 1.
FIG. 11 is a diagram showing an example of the unlocking authority data and the authenticated information according to Embodiment 1.
FIG. 12 is an operation flowchart of the authenticated information delivery process according to Embodiment 1.
FIG. 13 is an operation flowchart of the unlocking process according to Embodiment 1.
FIG. 14 is a configuration example of the electronic lock system according to Embodiment 2.
FIG. 15 is an operation flowchart of the verification information delivery process according to Embodiment 2.
FIG. 16 is an operation flowchart of the unlocking process according to Embodiment 2.
FIG. 17 is a functional configuration diagram of the electronic lock system according to Embodiment 3.
FIG. 18 is an operation flowchart of the authenticated information delivery process according to Embodiment 3.
FIG. 19 is an operation flowchart of the unlocking process according to Embodiment 3.
FIG. 20 is a functional configuration diagram of the electronic lock system according to Embodiment 4.
FIG. 21 is an operation flowchart of the unlocking process according to Embodiment 4.
FIG. 22 is a diagram showing an example of the unlocking log according to Embodiment 4.
FIG. 23 is a functional configuration diagram of the electronic lock system according to Embodiment 5.
FIG. 24 is an operation flowchart of the authentication information generation process according to Embodiment 5.
FIG. 25 is a configuration example of the unlocking authority storage unit according to Embodiment 5.
FIG. 26 is a diagram showing an example of the revocation information according to Embodiment 5.
FIG. 27 is a configuration example of the revocation information storage unit according to Embodiment 5.
FIG. 28 is an operation flowchart of the secret information storage process according to Embodiment 5.
FIG. 29 is an operation flowchart of the revocation information storage process according to Embodiment 5.
FIG. 30 is an operation flowchart of the unlocking process according to Embodiment 5.
FIG. 31 is a functional configuration diagram of the electronic lock system according to Embodiment 6.
FIG. 32 is an operation flowchart of the authentication information generation process according to Embodiment 6.
FIG. 33 is a diagram showing a configuration of the revocation information storage unit according to Embodiment 6.
FIG. 34 is an operation flowchart of the revocation information storage process according to Embodiment 6.
FIG. 35 is an operation flowchart of the revocation information transfer process according to Embodiment 6.
FIG. 36 is an operation flowchart of the revocation information storage process according to Embodiment 6.
FIG. 37 is a configuration example of the user authority information according to Embodiment 7.
FIG. 38 is a configuration example of the user authority information according to Embodiment 7.
FIG. 39 is a configuration example of the unlocking authority data according to Embodiment 7.
FIG. 40 is a configuration example of the unlocking authority data according to Embodiment 7.
FIG. 41 is an operation flowchart of the authentication information generation process according to Embodiment 7.
FIG. 42 is an operation flowchart of the authenticated information delivery process according to Embodiment 7.
FIG. 43 is a functional configuration diagram of the electronic lock system according to Embodiment 8.
FIG. 44 is a diagram showing a configuration of the management terminal storage unit according to Embodiment 8.
FIG. 45 is a diagram showing a configuration of the management device storage unit according to Embodiment 8.
FIG. 46 is an operation flowchart of the secret information storage process according to Embodiment 8.
FIG. 47 is an operation flowchart of the verification information temporary storage process according to Embodiment 8.
FIG. 48 is an operation flowchart of the verification information transfer process according to Embodiment 8.
Embodiments of the present invention are described below with reference to the drawings. In the drawings, identical or corresponding parts are denoted by the same reference numerals. In the description of the embodiments, explanation of identical or corresponding parts is omitted or simplified as appropriate.
Embodiment 1.
*** Description of the configuration ***
The configuration of the electronic lock system 500 according to the present embodiment is described with reference to FIGS. 1 to 5. FIG. 1 is a functional configuration diagram of the electronic lock system 500 according to the present embodiment. FIG. 2 is a hardware configuration diagram of the server device 100 according to the present embodiment. FIG. 3 is a hardware configuration diagram of the terminal device 200 according to the present embodiment. FIG. 4 is a hardware configuration diagram of the management device 300 according to the present embodiment. FIG. 5 is a hardware configuration diagram of the key opening/closing device 400 according to the present embodiment.
The electronic lock system 500 includes a server device 100, a terminal device 200, and an opening/closing system 600. The opening/closing system 600 includes a management device 300 and a key opening/closing device 400. That is, the electronic lock system 500 includes the server device 100, the terminal device 200, the management device 300, and the key opening/closing device 400.
The opening/closing system 600 has equipment 401 provided with an electronic lock 402. Specifically, the equipment 401 is a door. That is, the electronic lock system 500 controls opening and closing of electronic locks provided on doors inside a building such as an office building. The terminal device 200 communicates with the opening/closing system 600 by short-range wireless. The server device 100 communicates with each of the opening/closing system 600 and the terminal device 200 via a communication network 610.
The server device 100, the terminal device 200, and the management device 300 communicate via the communication network 610. The communication network 610 is a public network such as the Internet, and is also called an external network. The management device 300 and the key opening/closing device 400 communicate via an equipment network 620 provided inside the building. The equipment network 620 is an internal network provided in the building, such as a LAN (Local Area Network) or Wi-Fi (registered trademark). The terminal device 200 and the key opening/closing device 400 communicate via a short-range wireless network 630. The short-range wireless network 630 is, for example, Bluetooth (registered trademark).
The server device 100 is a server-type computer. The terminal device 200 is a portable terminal carried by a user of the building, for example a smartphone, a tablet, or another portable terminal. The management device 300 is a server-type computer. The management device 300 communicates with the server device 100 via the communication network 610 and manages the key opening/closing devices 400 inside a building such as an office building.
The key opening/closing device 400 communicates with the management device 300 and controls opening and closing of the electronic lock 402. The key opening/closing device 400 is installed on equipment 401 such as a door in the building and controls opening and closing of the door's electronic lock 402.
Each of the server device 100, the terminal device 200, the management device 300, and the key opening/closing device 400 is a computer. Hereinafter, the server device 100, the terminal device 200, the management device 300, and the key opening/closing device 400 may each be referred to as a device of the electronic lock system 500.
The server device 100 includes a processor 910 together with other hardware such as a memory 921, a storage 922, and a communication interface 950.
The terminal device 200 includes a processor 910 together with other hardware such as a memory 921, a storage 922, an input interface 930, an output interface 940, a communication interface 950, and a short-range wireless interface 951.
The management device 300 includes a processor 910 together with other hardware such as a memory 921, a storage 922, and a communication interface 950.
The key opening/closing device 400 includes a processor 910 together with other hardware such as a memory 921, a storage 922, a communication interface 950, a short-range wireless interface 951, and a door opening/closing signal interface 952.
For simplicity of explanation, hardware common to the devices of the electronic lock system 500 is given the same reference numerals, but in practice each device has its own hardware.
In each device of the electronic lock system 500, the processor 910 is connected to the other hardware via signal lines and controls that hardware.
The server device 100 includes, as functional elements, a server communication unit 110, an unlocking authority generation unit 120, an authentication information generation unit 130, a secret information storage unit 140, and an input unit 150.
The terminal device 200 includes, as functional elements, a terminal communication unit 210, an authenticated information storage unit 220, and a short-range communication unit 230.
The management device 300 includes a management communication unit 310 as a functional element.
The key opening/closing device 400 includes, as functional elements, a device communication unit 410, a verification information storage unit 420, a short-range communication unit 430, a verification unit 440, and an unlocking unit 450.
In the server device 100, the functions of the unlocking authority generation unit 120 and the authentication information generation unit 130 are realized by software. The server communication unit 110 is provided in the communication interface 950. The secret information storage unit 140 is provided in the memory 921 or the storage 922. The input unit 150 is provided in the input interface 930. The program that realizes the functions of the server device 100 is called the server program.
In the terminal device 200, the terminal communication unit 210 is provided in the communication interface 950. The authenticated information storage unit 220 is provided in the memory 921 or the storage 922. The short-range communication unit 230 is provided in the short-range wireless interface 951. The program that realizes the functions of the terminal device 200 is called the terminal program.
In the management device 300, the management communication unit 310 is provided in the communication interface 950. The program that realizes the functions of the management device 300 is called the management program.
In the key opening/closing device 400, the device communication unit 410 is provided in the communication interface 950. The functions of the verification unit 440 and the unlocking unit 450 are realized by software. The verification information storage unit 420 is provided in the memory 921 or the storage 922. The short-range communication unit 430 is provided in the short-range wireless interface 951. The program that realizes the functions of the key opening/closing device 400 is called the key opening/closing program.
Hereinafter, the server program, the terminal program, the management program, and the key opening/closing program may be referred to as the electronic lock management program or as the program of each device. In each device of the electronic lock system 500, a functional element realized by software may be referred to as a unit of that device.
 プロセッサ910は、各装置のプログラムを実行する装置である。
 プロセッサ910は、演算処理を行うIC(Integrated Circuit)である。プロセッサ910の具体例は、CPU()、DSP(Digital Signal Processor)、GPU(Graphics Processing Unit)である。
The processor 910 is a device that executes a program of each device.
The processor 910 is an IC (Integrated Circuit) that performs arithmetic processing. Specific examples of the processor 910 are a CPU (), a DSP (Digital Signal Processor), and a GPU (Graphics Processing Unit).
The memory 921 is a storage device that temporarily stores data. Specific examples of the memory 921 are an SRAM (Static Random Access Memory) and a DRAM (Dynamic Random Access Memory).
The storage 922 is a storage device that keeps data. A specific example of the storage 922 is an HDD. The storage 922 may also be a portable storage medium such as an SD (registered trademark) memory card, CF, NAND flash, flexible disk, optical disk, compact disk, Blu-ray (registered trademark) disk, or DVD. Note that HDD is an abbreviation for Hard Disk Drive. SD (registered trademark) is an abbreviation for Secure Digital. CF is an abbreviation for CompactFlash (registered trademark). DVD is an abbreviation for Digital Versatile Disk.
The input interface 930 is a port connected to an input device such as a mouse, a keyboard, or a touch panel. Specifically, the input interface 930 is a USB (Universal Serial Bus) terminal. Note that the input interface 930 may be a port connected to a LAN.
The output interface 940 is a port to which the cable of an output device such as a display is connected. Specifically, the output interface 940 is a USB terminal or an HDMI (registered trademark) (High Definition Multimedia Interface) terminal. Specifically, the display is an LCD (Liquid Crystal Display).
The communication interface 950 is connected to a receiver and a transmitter. The communication interface 950 is wirelessly connected to a communication network such as a LAN, the Internet, or a telephone line. Specifically, the communication interface 950 is a communication chip or an NIC (Network Interface Card).
The program of each device is read into the processor 910 and executed by the processor 910. The memory 921 stores not only the program of each device but also an OS (Operating System). The processor 910 executes the program of each device while executing the OS. The program of each device and the OS may be stored in the storage 922. The program of each device and the OS stored in the storage 922 are loaded into the memory 921 and executed by the processor 910. Note that part or all of the program of each device may be incorporated in the OS.
Each device may include a plurality of processors that replace the processor 910. These processors share the execution of the program of each device. Each of these processors is, like the processor 910, a device that executes the program of each device.
Data, information, signal values, and variable values used, processed, or output by the program of each device are stored in the memory 921, the storage 922, or a register or cache memory in the processor 910.
The “unit” of each unit of each device may be read as “process”, “procedure”, or “step”. Further, the “process” of each process obtained by reading the “unit” of each unit of each device as “process” may be read as “program”, “program product”, or “computer-readable storage medium storing the program”.
The program of each device causes a computer to execute each process, each procedure, or each step obtained by reading the “unit” of each unit of each device as “process”, “procedure”, or “step”. The electronic lock management method is a method performed by the electronic lock system 500 executing the electronic lock management program.
The electronic lock management program may be provided stored in a computer-readable recording medium. The electronic lock management program may also be provided as a program product.
*** Explanation of operation ***
Next, the operation of the electronic lock system 500 according to the present embodiment will be described with reference to FIGS. 6 to 13.
<Secret information storage processing S100>
The operation of the secret information storage processing S100 according to the present embodiment will be described with reference to FIG. 6. The secret information storage processing S100 is executed by the server device 100. In the secret information storage processing S100, the secret information storage unit 140 stores a secret key and the certificate of the public key corresponding to that secret key in the memory 921 as the secret information 31.
In step S101, the input unit 150 of the server device 100 acquires a secret key and the digital certificate of the public key corresponding to the secret key. Specifically, the input unit 150 acquires the pair consisting of the secret key and the public key, that is, the digital certificate, of a digital signature scheme using PKI (Public Key Infrastructure).
In step S102, the secret information storage unit 140 of the server device 100 stores the pair of the secret key and the certificate as the secret information 31. The digital signature is, for example, a signature using RSA (registered trademark), DSA, or ECDSA.
<Verification information delivery processing S110>
An example of the secret information 31 according to the present embodiment will be described with reference to FIG. 7. The secret information 31 consists of a building ID (IDentifier) 311, a secret key 312, and a certificate 313. The building ID 311 is an identifier that identifies a building managed by the management device 300. That is, a pair of the secret key 312 and the certificate 313 is obtained for each building.
The operation of the verification information delivery processing S110 according to the present embodiment will be described with reference to FIG. 8.
In step S111, the server communication unit 110 of the server device 100 transmits the certificate 313 as the verification information 41 to the opening / closing system 600. More precisely, the server communication unit 110 transmits the certificate 313 as the verification information 41 to the management device 300 of the opening / closing system 600.
In step S112, the management communication unit 310 of the management device 300 receives the verification information 41 from the server device 100 via the communication network 610. The management communication unit 310 transmits the verification information 41 to the key opening / closing devices 400 via the equipment network 620. That is, the management device 300 distributes the verification information 41 to all the key opening / closing devices 400 under its management.
In step S113, the verification information storage unit 420 of the key opening / closing device 400 stores the verification information 41 received from the management communication unit 310 in the memory 921.
Note that the verification information delivery processing S110 is performed when a new pair of a secret key and a certificate is input to the server device 100.
<Generation processing S20>
Next, the generation processing S20 according to the present embodiment will be described. The generation processing S20 includes the authentication information generation processing S120 and the authenticated information delivery processing S130 described below.
In the generation processing S20, the generation unit 160 acquires the user authority information 32 and, using the user authority information 32 and the secret key 312, generates authenticated information for authenticating the validity of the user's unlocking authority. The user authority information 32 is information in which a user identifier identifying a user who uses the facility 401 is associated with a facility identifier identifying the facility 401 that the user is permitted to unlock.
FIG. 9 is a diagram showing an example of the user authority information 32 according to the present embodiment.
The user authority information 32 includes a building ID 321, a user ID 322, and a door ID 323. The building ID 321 is an identifier that identifies a building managed by the management device 300. The user ID 322 is a user identifier that identifies a user. The door ID 323 is a facility identifier that identifies a door, which is the facility 401.
The operation of the authentication information generation processing S120 according to the present embodiment will be described with reference to FIG. 10.
In step S121, the input unit 150 acquires the user authority information 32. The user authority information 32 is a combination of a building ID identifying a building, a user ID identifying a user, and a door ID identifying a door through which that user may pass. The input unit 150 accepts the user authority information 32 as, for example, a file in csv (comma-separated values) format or in another format.
In step S122, the unlocking authority generation unit 120 of the server device 100 generates the unlocking authority data 33, which represents the unlocking authority, using the user ID and the door ID. Specifically, the unlocking authority generation unit 120 generates, as the unlocking authority data 33, a character string in which the user ID is concatenated with the IDs of the doors through which that user may pass. Note that the unlocking authority generation unit 120 need not retain the data accepted by the input unit 150 after generating the unlocking authority data 33.
FIG. 11 is a diagram showing an example of the unlocking authority data 33 and the authenticated information 35 according to the present embodiment.
As shown in FIG. 11, the unlocking authority data 33 is a data string, expressed as a character string or a binary string, in which the user ID and the door ID are clearly identifiable. FIG. 11 shows an example in XML format. Other formats, such as csv format, json format, or a character string separated by an appropriate delimiter, may also be used.
In step S123, the authentication information generation unit 130 of the server device 100 generates, as the authentication information 34, a signature that authenticates the unlocking authority data 33, using the unlocking authority data 33 and the secret key 312. The authentication information generation unit 130 then outputs the unlocking authority data 33 with the authentication information 34 attached as the authenticated information 35. In this way, the authentication information generation unit 130 generates a digital signature over the unlocking authority data 33 using the secret key 312, and the generated signature becomes the authentication information 34.
As shown in FIG. 11, the authentication information generation unit 130 generates a digital signature that authenticates the unlocking authority data 33 using the unlocking authority data 33 and the secret key 312, and uses that signature as the authentication information 34. The authentication information generation unit 130 then outputs the pair of the unlocking authority data 33 and the authentication information 34 to the server communication unit 110 as the authenticated information 35.
The operation of the authenticated information delivery processing S130 according to the present embodiment will be described with reference to FIG. 12.
In step S131, the server communication unit 110 of the server device 100 transmits the authenticated information 35 to the terminal device 200.
In step S132, the terminal communication unit 210 of the terminal device 200 receives the authenticated information 35.
In step S133, the authenticated information storage unit 220 of the terminal device 200 stores the authenticated information 35 received by the terminal communication unit 210 in the memory 921.
As described above, the server device 100 transmits the unlocking authority data 33 and the authentication information 34 to the terminal device 200 and has the terminal device 200 store them. Communication may be initiated either by push communication from the server device 100 or by pull communication from the terminal device 200. Note that the authenticated information delivery processing S130 is performed when a new pair of a secret key and a certificate is input to the server device 100.
The operation of the unlocking processing S140 according to the present embodiment will be described with reference to FIG. 13.
In step S141, the short-range communication unit 430 of the key opening / closing device 400 receives the authenticated information 35 from the terminal device 200 by short-range wireless communication. Specifically, the terminal device 200 of a user who wants to use the door, which is the facility 401, is held over the key opening / closing device 400 installed near the door. The short-range communication unit 430 then receives the authenticated information 35 from the short-range communication unit 230 of the terminal device 200 via the short-range wireless network 630.
In step S142, upon receiving the authenticated information 35 from the terminal device 200 by short-range wireless communication, the verification unit 440 of the key opening / closing device 400 verifies the validity of the unlocking authority using the authenticated information 35 and the verification information 41 stored in the verification information storage unit 420.
In step S143, the verification unit 440 verifies whether the unlocking authority data 33 included in the authenticated information 35 is valid. The verification unit 440 verifies the authentication information 34, which is the digital signature included in the authenticated information 35, using the verification information 41, which is the digital certificate containing the public key for verification, and thereby verifies whether the unlocking authority data 33 is valid. Specifically, from the pair of the unlocking authority data 33 and the digital signature, and from the digital certificate containing the verification public key, the verification unit 440 confirms, using the signature verification algorithm of the digital signature scheme, that the unlocking authority data 33 has not been tampered with. If the unlocking authority data 33 is valid, the process proceeds to step S144. If the unlocking authority data 33 is not valid, the process ends.
In step S144, the verification unit 440 verifies whether the door ID, which is the facility identifier included in the unlocking authority data 33, is valid. Specifically, the verification unit 440 verifies whether the unlocking authority data 33 contains, as a door ID, the facility identifier of the facility 401 corresponding to this key opening / closing device 400. If the door ID is valid, the process proceeds to step S145. If the door ID is not valid, the process ends.
In step S145, when the validity of the unlocking authority has been verified by the verification unit 440, the unlocking unit 450 of the key opening / closing device 400 unlocks the electronic lock 402. The unlocking unit 450 determines that the unlocking authority is valid when both the validity of the unlocking authority data 33 and the validity of the door ID included in the unlocking authority data 33 have been confirmed. If either or both of the validity of the unlocking authority data 33 and the validity of the door ID included in the unlocking authority data 33 cannot be confirmed, the unlocking unit 450 determines that the unlocking authority is not valid and ends the process without unlocking the electronic lock 402.
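As an added, illustrative example (not code from the patent or from the applicant), the following Go program carries the server-side generation of steps S122 and S123 and the device-side checks of steps S143 to S145 through with real signatures. It assumes ECDSA over P-256 with SHA-256 (ECDSA is one of the signature schemes the page names), a JSON encoding of the unlocking authority data 33 (one of the formats the page permits), and a bare public key standing in for the certificate 313 delivered to the lock as verification information 41; the identifiers B-1, U-42, D-101, D-102 and D-999 are constructed sample values. The same two checks are what the verification unit 340 of Embodiment 2 performs on the management device instead of on the lock.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthorityData is the unlocking authority data (33): the user and the doors
// the user may pass through. JSON is one of the encodings the page allows.
type AuthorityData struct {
	BuildingID string   `json:"building_id"`
	UserID     string   `json:"user_id"`
	DoorIDs    []string `json:"door_ids"`
}

// AuthenticatedInfo is the authenticated information (35): the data (33)
// together with the server's signature over it (authentication information 34).
type AuthenticatedInfo struct {
	Data      []byte
	Signature []byte
}

var (
	ErrBadSignature     = errors.New("authentication information does not verify")
	ErrDoorNotPermitted = errors.New("door ID not present in unlocking authority data")
)

// NewBuildingKey stands in for S101/S102: one ECDSA P-256 key per building.
// Assumption: the public key plays the role of the certificate (313) handed to
// the locks as verification information (41); a deployment would wrap it in X.509.
func NewBuildingKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// GenerateAuthenticatedInfo implements S122/S123 on the server: serialise the
// authority data and sign its SHA-256 digest with the building's private key.
func GenerateAuthenticatedInfo(priv *ecdsa.PrivateKey, a AuthorityData) (AuthenticatedInfo, error) {
	data, err := json.Marshal(a)
	if err != nil {
		return AuthenticatedInfo{}, err
	}
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return AuthenticatedInfo{}, err
	}
	return AuthenticatedInfo{Data: data, Signature: sig}, nil
}

// KeyDevice models the key opening / closing device (400) for one door. It
// holds only the verification key, so it decides offline with no server round trip.
type KeyDevice struct {
	DoorID    string
	VerifyKey *ecdsa.PublicKey
	Unlocked  bool
}

// Receive implements S142 to S145: verify the signature first (S143), then check
// that this device's own door ID is among the permitted doors (S144), and only
// then unlock (S145). Any failure leaves the lock closed.
func (d *KeyDevice) Receive(info AuthenticatedInfo) error {
	digest := sha256.Sum256(info.Data)
	if !ecdsa.VerifyASN1(d.VerifyKey, digest[:], info.Signature) {
		return ErrBadSignature
	}
	var a AuthorityData
	if err := json.Unmarshal(info.Data, &a); err != nil {
		return err
	}
	for _, id := range a.DoorIDs {
		if id == d.DoorID {
			d.Unlocked = true
			return nil
		}
	}
	return ErrDoorNotPermitted
}

func main() {
	priv, err := NewBuildingKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample of user authority information (32): one user, two doors.
	info, err := GenerateAuthenticatedInfo(priv, AuthorityData{
		BuildingID: "B-1", UserID: "U-42", DoorIDs: []string{"D-101", "D-102"},
	})
	if err != nil {
		panic(err)
	}
	for _, door := range []string{"D-101", "D-999"} {
		dev := &KeyDevice{DoorID: door, VerifyKey: &priv.PublicKey}
		fmt.Printf("door %s: err=%v unlocked=%v\n", door, dev.Receive(info), dev.Unlocked)
	}
}
```

With `go run`, the device for D-101 unlocks while the device for D-999 reports that the door is not permitted. The order of the checks matters: the signature is verified before the payload is even parsed, so altered or unsigned data never reaches the door-ID comparison, and the lock state changes only after both checks have passed.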
*** Other configurations ***
In the present embodiment, the functions of the units of each device of the electronic lock system 500 are realized by software. As a modification, the functions of the units of each device of the electronic lock system 500 may be realized by hardware. In this case, each device of the electronic lock system 500 includes an electronic circuit instead of the processor 910.
The electronic circuit is a dedicated electronic circuit that realizes the functions of the units of each device of the electronic lock system 500.
Specifically, the electronic circuit is a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, a logic IC, a GA, an ASIC, or an FPGA. GA is an abbreviation for Gate Array. ASIC is an abbreviation for Application Specific Integrated Circuit. FPGA is an abbreviation for Field-Programmable Gate Array.
The functions of the units of each device of the electronic lock system 500 may be realized by a single electronic circuit or may be distributed over a plurality of electronic circuits.
As another modification, some of the functions of the units of each device of the electronic lock system 500 may be realized by an electronic circuit and the remaining functions by software.
Each of the processor and the electronic circuit is also called processing circuitry. That is, in each device of the electronic lock system 500, the functions of the units of that device are realized by processing circuitry.
*** Explanation of the effects of this embodiment ***
In the electronic lock system 500 according to the present embodiment, the validity of the unlocking authority, that is, the fact that the unlocking authority data has not been tampered with and that its contents are correct, is protected by a digital signature. Further, the key opening / closing device holds the public key certificate required for signature verification. Therefore, according to the electronic lock system 500 of the present embodiment, the key opening / closing device can decide whether to unlock without communicating with the server device.
In the electronic lock system 500 according to the present embodiment, the key opening / closing device can verify the validity of the unlocking authority without communicating with the management device, so the amount of communication required for the unlocking decision can be reduced. Further, since the server device and the plurality of key opening / closing devices no longer need to communicate individually, the connection point where the external network meets the in-building network can be restricted, which limits the growth in the number of assets that must be managed for information security. As a further, secondary effect, the server device does not need to store the combinations of users and the doors they may unlock.
Embodiment 2.
In the present embodiment, mainly the points that differ from Embodiment 1 will be described. The same components as in Embodiment 1 are denoted by the same reference numerals, and their description may be omitted.
*** Configuration description ***
The configuration of the electronic lock system 500a according to the present embodiment will be described with reference to FIG. 14. The electronic lock system 500a according to the present embodiment differs from Embodiment 1 in that the key opening / closing device 400a does not include the verification information storage unit 420 and the verification unit 440. Instead, the management device 300a includes a verification information storage unit 320 and a verification unit 340 having the same functions as the verification information storage unit 420 and the verification unit 440.
*** Explanation of operation ***
The operation of the verification information delivery processing S110a according to the present embodiment will be described with reference to FIG. 15.
In step S111, the server communication unit 110 transmits the certificate 313 as the verification information 41 to the management device 300a. The processing in step S111 is the same as in step S111 of FIG. 8 described in Embodiment 1.
In step S114a, the verification information storage unit 320 of the management device 300a stores the verification information 41 received from the server device 100 in the memory 921.
The operation of the unlocking processing S140a according to the present embodiment will be described with reference to FIG. 16.
In step S141, the short-range communication unit 430 of the key opening / closing device 400a receives the authenticated information 35 from the terminal device 200 by short-range wireless communication. The processing in step S141 is the same as in step S141 of FIG. 13 described in Embodiment 1.
In step S146a, the device communication unit 410 of the key opening / closing device 400a transmits the authenticated information 35 received by the short-range communication unit 430 to the management device 300a. The device communication unit 410 forwards the authenticated information 35 to the management device 300a via the equipment network 620.
Next, in step S143a, the verification unit 340 of the management device 300a verifies whether the unlocking authority data 33 included in the authenticated information 35 transmitted from the device communication unit 410 is valid. If the unlocking authority data 33 is valid, the process proceeds to step S144a. If the unlocking authority data 33 is not valid, the process ends.
In step S144a, the verification unit 340 verifies whether the door ID, which is the facility identifier included in the unlocking authority data 33, is valid. If the door ID is valid, the process proceeds to step S147a. If the door ID is not valid, the process ends.
The processing of the verification unit 340 in steps S143a and S144a is the same as the processing in steps S143 and S144 of FIG. 13 described in Embodiment 1. However, in the present embodiment, the processing of the verification unit 340 is performed by the management device 300a.
In step S147a, the verification unit 340 determines that the unlocking authority is valid when both the validity of the unlocking authority data 33 and the validity of the door ID included in the unlocking authority data 33 have been confirmed. When the validity of the unlocking authority has been verified, the verification unit 340 transmits, via the management communication unit 310, an unlock command instructing the electronic lock 402 to be unlocked to the key opening / closing device 400a.
In step S145a, upon receiving the unlock command from the verification unit 340, the unlocking unit 450 of the key opening / closing device 400a unlocks the electronic lock 402.
Note that the secret information storage processing, the authentication information generation processing, and the authenticated information delivery processing are the same as in Embodiment 1.
*** Explanation of the effects of this embodiment ***
In the electronic lock system 500a according to the present embodiment, the storage capacity and computing power required to verify the validity of the unlocking authority are concentrated in the management device. Therefore, according to the electronic lock system 500a of the present embodiment, the configuration of the key opening / closing device can be simplified. Furthermore, simplifying the configuration of the many key opening / closing devices present in a building makes the electronic lock management processing according to the present embodiment easier to deploy.
Embodiment 3.
In the present embodiment, mainly the points that differ from Embodiment 2 will be described. The same components as in Embodiments 1 and 2 are denoted by the same reference numerals, and their description may be omitted.
*** Configuration description ***
The configuration of the electronic lock system 500b according to the present embodiment will be described with reference to FIG. 17.
The server device 100b of the present embodiment includes a server encryption unit 161 in addition to the components of the server device 100 of Embodiments 1 and 2. The terminal device 200b of the present embodiment includes a terminal encryption unit 240 and a terminal decryption unit 250 in addition to the components of the terminal device 200 of Embodiment 2. The key opening / closing device 400b of the present embodiment includes a device decryption unit 460 in addition to the components of the key opening / closing device 400a of Embodiment 2.
In the electronic lock system 500b according to the present embodiment, the server device 100b includes the server encryption unit 161, which encrypts the authenticated information. The server communication unit 110 transmits the encrypted authenticated information to the terminal device 200b.
The terminal communication unit 210 of the terminal device 200b receives the encrypted authenticated information from the server communication unit 110. The terminal decryption unit 250 decrypts the encrypted authenticated information received by the terminal communication unit 210. The authenticated information storage unit 220 stores the authenticated information obtained by decrypting the encrypted authenticated information. The terminal encryption unit 240 encrypts the authenticated information stored in the authenticated information storage unit 220. The short-range communication unit 230 of the terminal device 200b transmits the authenticated information encrypted by the terminal encryption unit 240 to the key opening / closing device 400b.
The device decryption unit 460 of the key opening / closing device 400b decrypts the authenticated information encrypted by the terminal encryption unit 240.
*** Explanation of operation ***
The operation of the authenticated information delivery process S130b according to the present embodiment is described with reference to FIG. 18.
In step S134b, the server encryption unit 161 encrypts the authenticated information 35, which is the pair of the unlocking authority data 33 and the authentication information 34. Specifically, the server encryption unit 161 encrypts using SSL (Secure Sockets Layer)/TLS (Transport Layer Security); in current practice this means TLS, since SSL is obsolete and no longer considered secure. Encrypting the authenticated information in transit in this way protects it from eavesdropping.
In step S131b, the server communication unit 110 transmits the encrypted authenticated information to the terminal device 200b.
In step S132b, the terminal communication unit 210 receives the encrypted authenticated information.
In step S135b, the terminal decryption unit 250 decrypts the encrypted authenticated information and obtains the authenticated information 35.
In step S133b, the authenticated information storage unit 220 stores the authenticated information 35 obtained by decryption in the memory 921.
The operation of the unlocking process S140b according to the present embodiment is described with reference to FIG. 19.
In step S148b, the terminal encryption unit 240 of the terminal device 200b encrypts the authenticated information 35 stored in the authenticated information storage unit 220. Specifically, the terminal encryption unit 240 may rely on the link encryption established at Bluetooth (registered trademark) pairing, or it may apply its own encryption using some other encryption scheme. Encrypting the authenticated information in transit in this way protects it from eavesdropping.
In step S141b, the short-range communication unit 430 receives, by short-range wireless communication from the terminal device 200b, the authenticated information encrypted by the terminal encryption unit 240.
In step S149b, the device decryption unit 460 of the key opening/closing device 400b decrypts the authenticated information received from the terminal device 200b and encrypted by the terminal encryption unit 240, and obtains the authenticated information 35.
In step S146ab, the device communication unit 410 transmits the authenticated information 35 obtained by decryption to the management device 300a.
The processing from step S143a onward is the same as the processing from step S143a onward in FIG. 16 described in Embodiment 2.
The secret information storage process, the verification information delivery process, and the authentication information generation process are the same as in Embodiment 2.
*** Explanation of the effect of this embodiment ***
In the electronic lock system 500b according to the present embodiment, the unlocking authority data and the authentication information are encrypted on the communication path and thus concealed from outsiders. According to the electronic lock system 500b of the present embodiment, an outsider without unlocking authority is prevented from capturing a legitimate user's unlocking authority data and authentication information and resending them to unlock illegitimately; that is, a replay attack is prevented and security is improved. This holds insofar as the channel encryption itself defeats resending: TLS and Bluetooth link encryption derive fresh keys per session, so a recorded ciphertext is useless later, but an encryption scheme of the terminal's own must likewise bind each message to a per-attempt value that the key opening/closing device will not accept twice.
Embodiment 4.
In the present embodiment, mainly the points that differ from Embodiment 2 are described. Components that are the same as in Embodiments 1 to 3 are given the same reference numerals, and their description may be omitted.
*** Configuration description ***
The configuration of the electronic lock system 500c according to the present embodiment is described with reference to FIG. 20. The management device 300c of the present embodiment includes a log collection unit 350 in addition to the components of the management device 300a of Embodiment 2.
*** Explanation of operation ***
The operation of the unlocking process S140c according to the present embodiment is described with reference to FIG. 21.
The unlocking process S140c of the present embodiment differs from the unlocking process S140a of Embodiment 2 in that the log collection unit 350 collects an unlock log 351 before the process ends.
In the unlocking process S140c, the log collection unit 350 records an unlock log after the process of unlocking the door (step S145a). The log collection unit 350 also records an unlock log when, in step S143a or step S144a, the unlocking authority data 33 is found not to be valid or the door ID is found not to be valid. The other processing from step S141 to step S145a is the same as in FIG. 16 of Embodiment 2.
In step S451, when the electronic lock 402 has been unlocked by the unlocking unit 450, the log collection unit 350 collects, as the unlock log 351, a log containing the time at which the electronic lock 402 was unlocked, the user ID (the user identifier), the door ID (the equipment identifier), and the result of the unlocking. The log collection unit 350 receives from the key opening/closing device 400a an unlock report stating that the electronic lock 402 has been unlocked, and sets, for example, the time at which this unlock report was received as the unlock time in the unlock log 351.
When verification of the validity of the unlocking authority by the verification unit 340 fails, the log collection unit 350 likewise collects, as the unlock log 351, a log containing the time at which the verification failed, the user ID, the door ID, and the result of the verification.
FIG. 22 shows an example of the unlock log 351 according to the present embodiment.
In the unlock log 351 of FIG. 22, a user ID, a door ID, unlocking authority data, authentication information, a result, and a time are set.
Including the unlocking authority data and authentication information that were actually presented makes it possible to record that an illegitimate unlocking authority was used. If only normal passage needs to be confirmed, it is sufficient to record the user ID, door ID, result, and time; the unlocking authority data and authentication information may be omitted.
The secret information storage process, the verification information delivery process, the authentication information generation process, and the authenticated information delivery process are the same as in Embodiment 2.
*** Other configurations ***
<Modification 1>
The key opening/closing device may include a time acquisition unit that acquires the current time. The device communication unit then obtains from the time acquisition unit the time at which the electronic lock was unlocked by the unlocking unit, and includes that time in the unlock report it transmits to the management device to report that the electronic lock has been unlocked. Because the key opening/closing device has its own time acquisition unit, the time at which the electronic lock was unlocked can be set more accurately in the unlock log.
<Modification 2>
The key opening/closing device may instead obtain from the time acquisition unit the time at which it received the unlock instruction from the management device, and include that time in the unlock report transmitted to the management device. If a log is to be recorded only when the lock is actually unlocked, the process may end without recording a log when the determination in step S143a or step S144a is NO. In that case every entry remaining in the unlock log is a successful unlock, so storing the unlock result may be omitted.
*** Explanation of the effect of this embodiment ***
In the electronic lock system 500c according to the present embodiment, the user who attempted to unlock and the unlock time are recorded as a log that is difficult to tamper with. Therefore, according to the electronic lock system 500c of the present embodiment, a user who has unlocked a door is prevented from later denying the fact of having done so. Further, by confirming that a user's unlocking authority was used at a time when that user should not have been in the building, the electronic lock system 500c can detect that the user's unlocking authority has been misused. It can also detect that unlocking was attempted with a forged unlocking authority.
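The unlock log 351 of FIG. 22 and the two detections named in the effect above, written out as an added example in Python (not the patent's code): the log collection unit 350 appends a row on each unlock report (step S451, with the report's own timestamp as in Modification 1) and on each verification failure, and two queries then pick out successful unlocks outside the hours a user is expected in the building and attempts the verification unit refused. The per-user presence schedule and all log lines are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class UnlockLogEntry:
    """One row of the unlock log 351 (FIG. 22)."""
    user_id: str
    door_id: str
    unlocking_authority_data: str
    authentication_information: str
    result: str       # "unlocked", "authority_invalid" (S143a NO) or "door_invalid" (S144a NO)
    time: datetime


class LogCollectionUnit:
    """Log collection unit 350 of the management device 300c."""

    def __init__(self):
        self.unlock_log = []

    def on_unlock_report(self, user_id, door_id, authority, auth_info, report_time=None):
        """Step S451: an unlock report arrived. Use the timestamp it carries (Modification 1)
        if present, otherwise the time the report was received."""
        when = report_time if report_time is not None else datetime.now()
        self.unlock_log.append(UnlockLogEntry(user_id, door_id, authority, auth_info, "unlocked", when))

    def on_verification_failure(self, user_id, door_id, authority, auth_info, result, failed_at):
        """Verification unit 340 rejected the attempt; keep the presented authority data and
        authentication information so the forged or stale credential itself is on record."""
        self.unlock_log.append(UnlockLogEntry(user_id, door_id, authority, auth_info, result, failed_at))


# Assumed per-user presence window (start, end) in local time; not part of the patent.
PRESENCE_SCHEDULE = {
    "U001": (time(8, 0), time(19, 0)),
    "U002": (time(9, 0), time(18, 0)),
}


def unlocks_outside_schedule(unlock_log, schedule):
    """Successful unlocks at a time the user should not be in the building: the misuse signal above."""
    flagged = []
    for entry in unlock_log:
        if entry.result != "unlocked":
            continue
        window = schedule.get(entry.user_id)
        if window is None or not (window[0] <= entry.time.time() <= window[1]):
            flagged.append(entry)
    return flagged


def rejected_attempts(unlock_log):
    """Attempts the verification unit refused: a forged or revoked authority, or a door outside it."""
    return [entry for entry in unlock_log if entry.result != "unlocked"]


def build_sample_log():
    """Constructed log lines; the third presents an authority whose signature check failed."""
    unit = LogCollectionUnit()
    unit.on_unlock_report("U001", "D101", "auth:U001:D101,D102:2018-06-30", "sig-7f3a", datetime(2018, 6, 20, 9, 5))
    unit.on_unlock_report("U001", "D101", "auth:U001:D101,D102:2018-06-30", "sig-7f3a", datetime(2018, 6, 20, 23, 40))
    unit.on_verification_failure("U002", "D102", "auth:U002:D101,D102,D103:2018-12-31", "sig-0000",
                                 "authority_invalid", datetime(2018, 6, 21, 10, 0))
    unit.on_unlock_report("U002", "D102", "auth:U002:D102:2018-06-30", "sig-91cc", datetime(2018, 6, 21, 10, 2))
    return unit.unlock_log
```

On the sample log the schedule query flags the 23:40 unlock by U001 and the rejection query returns the single authority_invalid row; the presented authority data in that row is what an investigator compares against what the server actually issued.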
Embodiment 5.
In the present embodiment, mainly the points that differ from Embodiment 2 are described. Components that are the same as in Embodiments 1 to 4 are given the same reference numerals, and their description may be omitted.
*** Configuration description ***
The configuration of the electronic lock system 500d according to the present embodiment is described with reference to FIG. 23. The server device 100d of the present embodiment includes an unlocking authority storage unit 170 and a revocation information generation unit 180 in addition to the components of the server device 100 of Embodiments 1 and 2. The management device 300d of the present embodiment includes a revocation information storage unit 360 in addition to the components of the management device 300a of Embodiment 2.
*** Explanation of operation ***
The operation of the authentication information generation process S120d according to the present embodiment is described with reference to FIG. 24.
The processing from step S121 to step S123 is the same as the processing from step S121 to step S123 in FIG. 10 described in Embodiment 1.
In step S124d, having acquired the user authority information 32, the unlocking authority generation unit 120 calculates the hash value of the unlocking authority data 33 generated from the acquired user authority information 32.
In step S125d, the unlocking authority generation unit 120 determines whether a hash value is already stored in the unlocking authority storage unit 170 for this user, that is, whether a record for this building ID and user ID exists. If a hash value is stored, the process proceeds to step S126d. If no hash value is stored, the process proceeds to step S127d.
FIG. 25 shows the configuration of the unlocking authority storage unit 170 according to the present embodiment.
The unlocking authority storage unit 170 stores the hash value of the unlocking authority data 33 together with the user identifier. Specifically, a building ID, a user ID (the user identifier), and an unlocking authority ID (the hash value of the unlocking authority data 33) are stored in association with one another. The hash value is a character string or byte string obtained by feeding the unlocking authority data 33 into a hash function that can be computed quickly. Examples of hash functions that can be computed quickly are CRC (Cyclic Redundancy Check) and MD5 (Message Digest Algorithm 5). Neither is collision-resistant, however; since the hash value serves as the identifier by which an authority is revoked, a collision-resistant function such as SHA-256, which is also fast enough for this purpose, is the safer choice.
In step S126d, when a hash value is stored in the unlocking authority storage unit 170, the revocation information generation unit 180 generates revocation information 181 from the hash value stored in the unlocking authority storage unit 170, and transmits the revocation information 181 to the management device 300d via the server communication unit 110.
In step S127d, the unlocking authority storage unit 170 stores in the memory 921 the hash value of the unlocking authority data 33 generated by the unlocking authority generation unit 120. Specifically, the unlocking authority storage unit 170 stores the building ID, the user ID (the user identifier), and the unlocking authority ID (the hash value of the unlocking authority data 33) in association with one another.
As described above, when generating the unlocking authority data 33 and the authentication information 34, the server device 100d calculates the hash value of the unlocking authority data 33 and stores the building ID, the user ID, and that hash value in the unlocking authority storage unit 170 in association with one another. If the target user already holds an unlocking authority, that is, if a record for the user already exists in the unlocking authority storage unit 170, the server device 100d transmits the previously stored unlocking authority (its hash value) to the management device 300d as revocation information 181.
FIG. 26 shows an example of the revocation information 181 according to the present embodiment.
The revocation information 181 can be structured as a data string consisting of the user ID and a character string or byte string representing the hash value of the unlocking authority data 33. Where required, the revocation information 181 may carry a digital signature generated by the server device 100d, and the management device 300d may be configured to accept the revocation information 181 only when that signature, and thus the validity of the revocation information 181, has been confirmed.
The operation of the secret information storage process S100d according to the present embodiment is described with reference to FIG. 28.
The processing of step S101 and step S102 is the same as in FIG. 6 described in Embodiment 1.
When the input unit 150 acquires the secret information 31 (step S101), the input unit 150 determines in step S103d whether secret information 31 is already stored in the secret information storage unit 140. If secret information 31 is stored, the process proceeds to step S104d. If no secret information 31 is stored, the process proceeds to step S102.
In step S104d, the input unit 150 initializes the hash values of unlocking authority data 33 and the user identifiers stored in the unlocking authority storage unit 170. The secret information storage unit 140 then stores the secret information 31 (step S102).
As described above, there are cases where the system is rebuilt, that is, a new private key and public key are registered, while a private key and public key for the target building are already stored in the secret information storage unit. In that case the server device 100d initializes the unlocking authority storage unit 170 by deleting all hash values of unlocking authority data 33 stored in it up to that point.
The operation of the revocation information storage process S101d according to the present embodiment is described with reference to FIG. 29.
In step S105d, the management device 300d receives the revocation information 181 transmitted from the server device 100d.
In step S106d, the revocation information storage unit 360 stores the revocation information 181 transmitted from the server device 100d.
FIG. 27 shows the configuration of the revocation information storage unit 360 according to the present embodiment.
The revocation information storage unit 360 stores a user ID (the user identifier) and a revocation information ID (the hash value of the unlocking authority data 33) in association with each other. The revocation information ID is the same value as the unlocking authority ID in the unlocking authority storage unit 170 of the server device 100d, namely the hash value of the unlocking authority data 33.
The operation of the unlocking process S140d according to the present embodiment is described with reference to FIG. 30.
The processing of step S141 and step S146a is the same as in FIG. 16 described in Embodiment 2.
The management device 300d receives the authenticated information 35 from the key opening/closing device 400a (step S146a).
In step S452d, the verification unit 340 calculates the hash value of the unlocking authority data 33 contained in the authenticated information 35.
In step S453d, the verification unit 340 then determines whether the calculated hash value of the unlocking authority data 33 is stored in the revocation information storage unit 360. If the calculated hash value is stored, the presented unlocking authority has been revoked, so the process of verifying the validity of the unlocking authority ends without unlocking. If the calculated hash value is not stored, the process proceeds to step S143a.
Thereafter, in steps S143a to S145a, the validity of the unlocking authority is verified. The processing of steps S143a to S145a is the same as in FIG. 16 described in Embodiment 2.
As described above, before the process that verifies the validity of the unlocking authority, the hash value of the unlocking authority is calculated and it is checked whether the pair of user ID and hash value is stored in the revocation information storage unit 360. If it is stored, the unlocking authority is treated as revoked and the door is not unlocked. Otherwise, the validity of the unlocking authority is verified as in the configuration of Embodiment 2.
The verification information delivery process and the authenticated information delivery process are the same as in Embodiment 2.
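The server-side steps S124d to S127d, the reset of step S104d, and the management-device check of steps S452d/S453d ahead of the signature check, written out together as an added example in Python; this is not the patent's code. Two substitutions are assumptions made so that it runs on the standard library alone: HMAC-SHA256 under a key shared by server and management device stands in for the digital signature that forms authentication information 34 (so verification information here is the same key rather than a public key), and SHA-256 is used for the unlocking authority ID in place of the CRC/MD5 the text mentions. The authority contents are constructed.

```python
import hashlib
import hmac
import json


def unlocking_authority_id(unlocking_authority_data: bytes) -> str:
    """Unlocking authority ID: hash of unlocking authority data 33 (SHA-256 here, by assumption)."""
    return hashlib.sha256(unlocking_authority_data).hexdigest()


class ServerDevice:
    """Server device 100d: authority generation 120, storage unit 170, revocation generation 180."""

    def __init__(self, secret_information: bytes):
        self.secret_information = secret_information   # secret information 31 (stand-in: shared MAC key)
        self.unlocking_authority_storage = {}           # (building ID, user ID) -> unlocking authority ID
        self.revocation_outbox = []                     # revocation information 181 bound for the management device

    def generate_authentication_information(self, building_id: str, user_id: str, user_authority: dict) -> dict:
        # Steps S122/S123: unlocking authority data 33 from user authority information 32, then
        # authentication information 34 over it (HMAC stands in for the digital signature).
        authority = json.dumps({"building": building_id, "user": user_id, **user_authority}, sort_keys=True).encode()
        auth_info = hmac.new(self.secret_information, authority, hashlib.sha256).hexdigest()
        new_id = unlocking_authority_id(authority)                       # step S124d
        key = (building_id, user_id)
        previous_id = self.unlocking_authority_storage.get(key)         # step S125d: record already present?
        if previous_id is not None:                                      # step S126d
            self.revocation_outbox.append({"user_id": user_id, "revocation_id": previous_id})
        self.unlocking_authority_storage[key] = new_id                   # step S127d
        return {"unlocking_authority_data": authority.decode(), "authentication_information": auth_info}

    def store_secret_information(self, secret_information: bytes):
        """Steps S103d/S104d: registering new building keys wipes storage unit 170 first."""
        if self.secret_information is not None:
            self.unlocking_authority_storage.clear()
        self.secret_information = secret_information


class ManagementDevice:
    """Management device 300d: revocation information storage unit 360 and verification unit 340."""

    def __init__(self, verification_information: bytes):
        self.verification_information = verification_information  # stand-in for the public key
        self.revocation_storage = set()                              # revocation information IDs

    def receive_revocation_information(self, revocation: dict):
        self.revocation_storage.add(revocation["revocation_id"])     # steps S105d/S106d

    def verify_unlocking_authority(self, authenticated_information: dict, door_id: str) -> str:
        authority = authenticated_information["unlocking_authority_data"].encode()
        if unlocking_authority_id(authority) in self.revocation_storage:   # steps S452d/S453d
            return "revoked"
        expected = hmac.new(self.verification_information, authority, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, authenticated_information["authentication_information"]):
            return "authority_invalid"                                     # step S143a NO
        if door_id not in json.loads(authority)["doors"]:
            return "door_invalid"                                          # step S144a NO
        return "unlock"                                                    # step S145a


def demo_revocation():
    """Issue, use, re-issue with fewer doors, deliver the revocation, and observe the old authority refused."""
    secret = b"building-B1-secret-example"                    # constructed
    server, mgmt = ServerDevice(secret), ManagementDevice(secret)
    first = server.generate_authentication_information("B1", "U001", {"doors": ["D101", "D102"], "valid_to": "2018-06-30"})
    results = [mgmt.verify_unlocking_authority(first, "D102")]
    second = server.generate_authentication_information("B1", "U001", {"doors": ["D101"], "valid_to": "2018-09-30"})
    for revocation in server.revocation_outbox:                 # delivery to the management device
        mgmt.receive_revocation_information(revocation)
    results.append(mgmt.verify_unlocking_authority(first, "D102"))
    results.append(mgmt.verify_unlocking_authority(second, "D102"))
    results.append(mgmt.verify_unlocking_authority(second, "D101"))
    return results
```

Because revocation is keyed on the hash of the authority data, the new authority must differ from the old one in content (here the door list and validity date); re-issuing byte-identical data would produce the same ID and the revocation would block the new authority as well.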
*** Explanation of the effect of this embodiment ***
In the electronic lock system 500d according to the present embodiment, when a user's unlocking authority is updated, the server device delivers to the management device revocation information that invalidates that user's previous authentication information. When a user's unlocking authority is changed, the server device issues a new unlocking authority to the terminal device. However, authentication information once issued remains valid as long as the verification information is unchanged, so there is a risk that a past unlocking authority is used to unlock a door through which passage is no longer permitted at that time. The electronic lock system 500d of the present embodiment limits this loss of security by invalidating the past unlocking authority with revocation information whenever the unlocking authority is updated. When the unlocking authorities of many users change at once, the electronic lock system 500d can also be set up again as a whole by renewing the private key and public key used for the server device's digital signature. The present embodiment is effective for incremental updates of unlocking authorities.
Embodiment 6.
In the present embodiment, mainly the points that differ from Embodiment 5 are described. Components that are the same as in Embodiments 1 to 5 are given the same reference numerals, and their description may be omitted.
*** Configuration description ***
The configuration of the electronic lock system 500e according to the present embodiment is described with reference to FIG. 31.
In the electronic lock system 500e according to the present embodiment, the management device 300d of the opening/closing system 600 communicates with the terminal device 200e via an in-building network 640, which is a network separate from the communication network 610. That is, the server device 100e of the present embodiment cannot communicate with the management device 300d via the communication network 610.
The server device 100e of the present embodiment includes a time acquisition unit 190 in addition to the components of the server device 100d of FIG. 23 of Embodiment 5. The terminal device 200e of the present embodiment includes a revocation information storage unit 260 in addition to the components of the terminal device 200 of FIG. 23 of Embodiment 5.
*** Explanation of operation ***
The operation of the authentication information generation process S120e according to the present embodiment is described with reference to FIG. 32.
The processing from step S121 to step S125d, and that of step S127d, is the same as in FIG. 24 of Embodiment 5.
In step S128e, the time acquisition unit 190 acquires the current time.
In step S126e, the revocation information generation unit 180 generates the revocation information 181 from the hash value stored in the unlocking authority storage unit 170, and transmits the pair of the revocation information 181 and the time to all terminal devices 200e of the target building.
As described above, after step S125d the server device 100e acquires the time from the time acquisition unit 190 when it is about to transmit the revocation information 181, associates the revocation information 181 with that time, and broadcasts the pair to all terminal devices 200e.
FIG. 33 shows the configuration of the revocation information storage unit 260 according to the present embodiment.
In the present embodiment, the terminal device 200e stores the user ID and the revocation information ID in the revocation information storage unit 260 in association with the time at which the revocation information 181 was generated.
The operation of the revocation information storage process S102e according to the present embodiment is described with reference to FIG. 34.
In step S11e, the terminal device 200e receives the pair of the revocation information 181 and the time transmitted from the server device 100e.
In step S12e, the revocation information storage unit 260 stores the pair of the revocation information 181 and the time transmitted from the server device 100e.
In this way, every terminal device 200e to which the revocation information 181 was sent holds the revocation information 181 temporarily in its own revocation information storage unit 260.
The operation of the revocation information transfer process S103e according to the present embodiment is described with reference to FIG. 35.
In step S13e, when a communication path between the terminal device 200e and the management device 300d is established, the management device 300d transmits to the terminal device 200e the latest of the times associated with the revocation information 181 held in its revocation information storage unit 360.
The terminal device 200e transmits to the management device 300d only the revocation information 181 generated at a time later than the time received from the management device 300d (steps S14e and S15e). Then, in step S16e, the terminal device 200e deletes all revocation information 181 it had stored in the revocation information storage unit 260.
When the user unlocks a door, the terminal device 200e may also transmit the revocation information 181 to the key opening/closing device 400a, which then forwards the revocation information 181 to the management device 300d.
The operation of the revocation information storage processing S101d according to the present embodiment will be described with reference to FIG. 36.
In step S17e, the management device 300d receives the pairs of revocation information 181 and time transmitted from the terminal device 200e.
In step S18e, the revocation information storage unit 360 stores the received pairs of revocation information 181 and time, and updates the latest time of the revocation information 181.
In this way, the management device 300d stores the revocation information 181 received from the terminal device 200e in the revocation information storage unit 360, and then records the latest of the times associated with the received revocation information 181 as the latest time to be sent to a terminal device 200e at the next transfer.
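The transfer and storage steps above (S13e to S18e) form one procedure. The following Go program is an added example, not code from the patent, that models it: the management device announces the newest generation time it holds, the terminal forwards only the entries generated after that time, and the device merges them and advances its latest time. The type names, the UserID/DoorID content of a revocation entry, the IsRevoked lookup and the constructed timestamps are assumptions; the page fixes none of them.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Revocation is one piece of revocation information 181 together with the
// time at which the server generated it (the pair stored in Embodiment 6).
// The UserID/DoorID content is an assumption; the page does not fix the
// fields of the revocation information.
type Revocation struct {
	UserID      string
	DoorID      string
	GeneratedAt time.Time
}

// Terminal models terminal device 200e; pending is revocation information
// storage unit 260, which buffers entries until a management device is met.
type Terminal struct {
	pending []Revocation
}

// StoreFromServer is steps S11e and S12e.
func (t *Terminal) StoreFromServer(revs ...Revocation) {
	t.pending = append(t.pending, revs...)
}

// ManagementDevice models management device 300d; store is revocation
// information storage unit 360 and latest is the newest time it has seen.
type ManagementDevice struct {
	store  []Revocation
	latest time.Time
}

// LatestTime is the value sent to a terminal at step S13e.
func (m *ManagementDevice) LatestTime() time.Time { return m.latest }

// Receive is steps S17e and S18e: store the pairs and advance the latest time.
func (m *ManagementDevice) Receive(revs []Revocation) {
	for _, r := range revs {
		m.store = append(m.store, r)
		if r.GeneratedAt.After(m.latest) {
			m.latest = r.GeneratedAt
		}
	}
}

// Transfer runs S13e to S16e between one terminal and one management device
// and returns how many entries were actually forwarded.
func Transfer(t *Terminal, m *ManagementDevice) int {
	cutoff := m.LatestTime() // S13e: device announces its newest known time
	var fresh []Revocation
	for _, r := range t.pending { // S14e: keep only strictly newer entries
		if r.GeneratedAt.After(cutoff) {
			fresh = append(fresh, r)
		}
	}
	sort.Slice(fresh, func(i, j int) bool {
		return fresh[i].GeneratedAt.Before(fresh[j].GeneratedAt)
	})
	m.Receive(fresh) // S15e on the terminal side, S17e/S18e on the device side
	t.pending = nil  // S16e: the terminal discards everything it buffered
	return len(fresh)
}

// IsRevoked is the lookup the management device applies at unlock time
// (assumed form; Embodiment 5 describes checking against the revocation list).
func (m *ManagementDevice) IsRevoked(userID, doorID string) bool {
	for _, r := range m.store {
		if r.UserID == userID && r.DoorID == doorID {
			return true
		}
	}
	return false
}

func main() {
	base := time.Date(2018, 6, 1, 9, 0, 0, 0, time.UTC) // constructed sample data
	r1 := Revocation{"u001", "d100", base}
	r2 := Revocation{"u002", "d100", base.Add(time.Minute)}
	r3 := Revocation{"u003", "d101", base.Add(2 * time.Minute)}
	dev := &ManagementDevice{}
	a, b := &Terminal{}, &Terminal{}
	a.StoreFromServer(r1, r2)
	b.StoreFromServer(r1, r2, r3)
	fmt.Println("terminal A forwarded", Transfer(a, dev)) // 2
	fmt.Println("terminal B forwarded", Transfer(b, dev)) // 1: r1 and r2 are already known
	fmt.Println("u003 revoked at d101:", dev.IsRevoked("u003", "d101"))
}
```

The second terminal carries the same two entries as the first plus one newer entry, and only the newer one crosses, which is the bandwidth saving the S13e/S14e exchange is for. The comparison is strictly "later than", as the page specifies, so an implementer should make sure generation times are strictly increasing (for example by pairing the time with a sequence number) if several revocations can be issued within one clock tick.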
Note that the verification information delivery processing and the authenticated information delivery processing are the same as in the second embodiment.
*** Explanation of the effects of this embodiment ***
In the electronic lock system 500e according to the present embodiment, the terminal devices relay the delivery of the revocation information. As in the fifth embodiment, even if a malicious user attempts to misuse a past unlocking authority, the other legitimate users deliver the revocation information to the management device, so the window in which such misuse is possible is limited. In addition, in the electronic lock system 500e according to the present embodiment, a user's unlocking authority can be changed using revocation information even when no network exists between the server device and the management device, while limiting the loss of security.
There may also be a time lag between the revocation of an unlocking authority and the registration of the revocation information. Since the electronic lock system 500e according to the present embodiment stores the time at which each piece of revocation information was generated in association with it, it can be determined whether anyone passed through during that time lag without authorization. The electronic lock system 500e according to the present embodiment can also be used when unlocking authorities change because of a personnel transfer.
Embodiment 7.
In the present embodiment, mainly the differences from the second embodiment will be described. The same components as in Embodiments 1 to 6 are denoted by the same reference numerals, and their description may be omitted.
In the present embodiment, a mode in which one piece of authentication information is generated for a plurality of unlocking authorities will be described. In a company, users with the same affiliation, that is, users of the same user group, may be given the same unlocking authority. In the present embodiment, unlocking authority is granted to such a user group.
The user authority information 32 associates a plurality of user IDs, a user group identifier that identifies the user group to which the plurality of users identified by those user IDs belong, and a door ID, which is a facility identifier. The user group identifier is also called a user group ID. The unlocking authority generation unit 120 generates unlocking authority data 33 representing the unlocking authority of the user group using the plurality of user IDs, the user group ID, and the door ID. The authentication information generation unit 130 generates authentication information 34 that authenticates the unlocking authority data 33 using the unlocking authority data 33 and the private key, and transmits it to the terminal devices 200 of the plurality of users.
The user authority information 32 according to the present embodiment will be described with reference to FIG. 37 and FIG. 38.
In the user authority information 32 according to the present embodiment, a plurality of user IDs, a user group ID that identifies the user group to which the users identified by those user IDs belong, and a door ID are associated with each other. In the second embodiment, the user authority information 32 was a set of a building ID, a user ID, and a door ID. In the present embodiment, a user group ID is added to the user authority information 32, and the user group ID, rather than an individual user ID, is associated with the door ID. As a result, all users belonging to the same user group ID can unlock the same door.
The unlocking authority data 33 according to the present embodiment will be described with reference to FIG. 39 and FIG. 40.
The unlocking authority data 33 of FIG. 39 is a data string, expressed as a character string or a binary string, in which the user group ID, the user IDs, and the door ID are clearly identifiable. When the unlocking log described in the fourth embodiment is collected, the terminal's own user ID may be added as the first line, as shown in FIG. 40. In that case, when the validity is verified, the first line is skipped and the remainder is treated as the unlocking authority.
The operation of the authentication information generation processing S120g according to the present embodiment will be described with reference to FIG. 41.
In step S21g, the input unit 150 acquires the user authority information 32 consisting of pairs of a user ID and a user group ID, as shown in FIG. 37.
In step S22g, the input unit 150 acquires the user authority information 32 consisting of pairs of a user group ID and a door ID, as shown in FIG. 38.
In step S122g, the unlocking authority generation unit 120 generates unlocking authority data 33 representing the unlocking authority of the user group using the plurality of user IDs, the user group ID, and the door ID.
In step S123g, the authentication information generation unit 130 generates authentication information 34 that authenticates the unlocking authority data 33 using the unlocking authority data 33 and the private key.
As described above, the server device 100 generates one piece of authentication information 34 for the unlocking authority data 33 generated for each user group. The authentication information generation unit 130 then outputs authenticated information 35, which is the unlocking authority data 33 with the authentication information 34 appended.
The operation of the authenticated information delivery processing S130g according to the present embodiment will be described with reference to FIG. 42.
In step S131g, the server communication unit 110 transmits the authenticated information 35 to the terminal devices 200 of all users belonging to the target user group.
The processing from step S132 to step S133 is the same as in FIG. 12 of the first embodiment.
Thus, in the present embodiment, users belonging to the same user group hold identical authenticated information 35.
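As an added example, not the patent's own code, the following Go program works through steps S122g and S123g and the lock-side check for both the FIG. 39 and FIG. 40 forms: the group's authority data is encoded as a delimited record, signed once with the server's private key, and the verifier skips the optional first line carrying the presenter's user ID before checking the signature with the server's public key. Ed25519, the line-oriented encoding, the field names and the constructed IDs are assumptions; the page fixes neither the signature algorithm nor the record layout.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// GroupAuthority is the content of unlocking authority data 33 for one user
// group (FIG. 39): the group ID, its member user IDs and the door IDs.
type GroupAuthority struct {
	GroupID string
	UserIDs []string
	DoorIDs []string
}

// Encode renders the authority as one "kind:value" field per line. The page
// requires only that the IDs be unambiguously identifiable; this line layout
// is an assumption.
func (g GroupAuthority) Encode() []byte {
	var b strings.Builder
	b.WriteString("group:" + g.GroupID + "\n")
	for _, u := range g.UserIDs {
		b.WriteString("user:" + u + "\n")
	}
	for _, d := range g.DoorIDs {
		b.WriteString("door:" + d + "\n")
	}
	return []byte(b.String())
}

// NewServerKey generates the server's signing key pair (Ed25519 is an assumed
// choice; the page only says a private key with a certified public key).
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Authenticated is authenticated information 35: the authority data plus the
// single signature (authentication information 34) produced at step S123g.
type Authenticated struct {
	Data []byte
	Sig  []byte
}

// Sign is step S123g: one signature over the whole group's authority data.
func Sign(priv ed25519.PrivateKey, data []byte) Authenticated {
	return Authenticated{Data: data, Sig: ed25519.Sign(priv, data)}
}

// WithPresenter prepends the presenting user's own ID as the first line
// (FIG. 40) so that the unlocking log can name one member of the group.
func (a Authenticated) WithPresenter(userID string) Authenticated {
	return Authenticated{Data: append([]byte("presenter:"+userID+"\n"), a.Data...), Sig: a.Sig}
}

// Verify is the lock-side check: skip the optional first line, verify the
// signature with the server's public key (verification information 41), then
// confirm that the named presenter is a member and that doorID is covered.
func Verify(pub ed25519.PublicKey, a Authenticated, doorID string) (string, error) {
	data, presenter := a.Data, ""
	if bytes.HasPrefix(data, []byte("presenter:")) {
		nl := bytes.IndexByte(data, '\n')
		if nl < 0 {
			return "", errors.New("malformed presenter line")
		}
		presenter = string(data[len("presenter:"):nl])
		data = data[nl+1:] // the first line is outside the signed authority
	}
	if !ed25519.Verify(pub, data, a.Sig) {
		return "", errors.New("signature invalid")
	}
	member, door := presenter == "", false // the FIG. 39 form names no presenter to check
	for _, line := range strings.Split(strings.TrimRight(string(data), "\n"), "\n") {
		switch line {
		case "user:" + presenter:
			member = true
		case "door:" + doorID:
			door = true
		}
	}
	if !member {
		return "", errors.New("presenter is not a member of the signed group")
	}
	if !door {
		return "", errors.New("door is not covered by this authority")
	}
	return presenter, nil
}

func main() {
	pub, priv := NewServerKey()
	auth := Sign(priv, GroupAuthority{"g-eng", []string{"u001", "u002"}, []string{"d100"}}.Encode())
	who, err := Verify(pub, auth.WithPresenter("u002"), "d100")
	fmt.Println(who, err) // u002 <nil>
	_, err = Verify(pub, auth.WithPresenter("u999"), "d100")
	fmt.Println(err) // presenter is not a member of the signed group
}
```

The presenter line sits outside the signed data, so the lock can use it only to attribute the event in the unlocking log; checking that the named user appears in the signed member list bounds what an arbitrary first line can claim, but possession of the group's authenticated information 35 is what unlocks the door, exactly as in the FIG. 39 form.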
*** Explanation of the effects of this embodiment ***
In the electronic lock system according to the present embodiment, one piece of authentication information is generated for a plurality of unlocking authorities. In a company, users with the same affiliation are often granted the same access authority, so granting the unlocking authority to such a user group reduces the number of times unlocking authority data and authentication information must be generated, and thereby reduces the computational load on the server device.
Embodiment 8.
In the present embodiment, mainly the differences from the fifth embodiment will be described. The same components as in Embodiments 1 to 5 are denoted by the same reference numerals, and their description may be omitted.
*** Description of the configuration ***
The configuration of the electronic lock system 500f according to the present embodiment will be described with reference to FIG. 43.
In the electronic lock system 500f according to the present embodiment, the opening/closing system 600f includes, as a management terminal 200f, a terminal device that communicates with the management device 300f.
In addition to the configuration of the second embodiment, the management terminal 200f includes a management device storage unit 270 and a verification information storage unit 280. When the verification information storage unit 280 receives the verification information 41 from the server device 100, it temporarily stores the verification information 41. The management device storage unit 270 stores a management device identifier that identifies the management device 300f in association with secret data 432 generated between the management terminal 200f and the management device 300f.
In addition to the configuration of the second embodiment, the management device 300f includes a short-range communication unit 380 and a management terminal storage unit 370. The management terminal storage unit 370 stores the secret data 432 in association with a management terminal identifier that identifies the management terminal 200f. When the verification information storage unit 320 receives from the management terminal 200f an update request requesting an update of the verification information 41, it updates the verification information 41 only if the management terminal that issued the update request is registered in the management terminal storage unit 370.
FIG. 44 is a diagram showing the configuration of the management terminal storage unit 370 according to the present embodiment.
The management terminal storage unit 370 stores a management terminal ID 431 for identifying the management terminal 200f and the secret data 432 shared with the management terminal 200f. A specific example of the secret data 432 is the link key shared by the management terminal 200f and the management device 300f through Bluetooth (registered trademark) pairing. When the secret data 432 is renewed at the end of its lifetime, the information in the management terminal storage unit 370 is updated each time as well.
FIG. 45 is a diagram showing the configuration of the management device storage unit 270 according to the present embodiment.
The management device storage unit 270 has the same configuration as the management terminal storage unit 370. The difference is that it stores a management device ID 433 identifying the management device 300f instead of the management terminal ID 431.
FIG. 46 is a diagram showing the secret information storage processing S210 according to the present embodiment.
The management terminal 200f and the management device 300f communicate through the short-range communication units 230 and 380 and share the secret data 432 (steps S211 and S212). The management device 300f accepts an update request for the verification information 41 only from the terminal device with which it shares the secret data 432, that is, from the management terminal 200f. Specifically, Bluetooth (registered trademark) pairing is performed and a link key is shared. Alternatively, another authentication method, specifically client authentication or password authentication, may be used to authenticate the management terminal or the administrator who holds it, in which case the short-range communication unit may be omitted.
FIG. 47 is a diagram showing the verification information temporary storage processing S220 according to the present embodiment.
The server device 100 sends the verification information 41 to the management terminal 200f instead of to the management device 300f (step S221). The administrator's terminal device, that is, the management terminal 200f, stores the verification information 41 (step S222). Since it suffices for the management terminal 200f to hold the verification information 41, pull-type communication, in which the management terminal 200f requests the verification information 41 from the server, is suitable here.
FIG. 48 is a diagram showing the verification information transfer processing S230 according to the present embodiment.
When the management terminal 200f transmits to the management device 300f an update request requesting an update of the verification information 41 (step S231), the management device 300f determines whether the requester is a management terminal 200f registered in the management terminal storage unit 370 (step S232). The management device 300f verifies that the communication partner is a legitimate management terminal 200f, and only if it is, accepts the update of the verification information 41 and stores the new verification information in its memory (steps S233 and S234).
Communication through the short-range communication unit may be used only for authenticating the management terminal 200f, while the verification information 41 itself is transmitted over another communication method, for example Wi-Fi (registered trademark).
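The following Go program is an added example, not from the patent, of the S210 to S234 exchange: pairing records a shared secret on both sides, the management device refuses update requests from any terminal ID absent from its management terminal storage unit 370, and a request from a registered ID is accepted only if it proves possession of the shared secret. The challenge/response form (an HMAC-SHA256 over a device nonce and the new verification information) is an assumption standing in for the Bluetooth link-layer authentication the page describes; the names and sample values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ManagementTerminal models management terminal 200f: it holds the secret it
// shares with the management device (management device storage unit 270) and
// the verification information 41 fetched from the server (unit 280).
type ManagementTerminal struct {
	ID               string
	DeviceID         string
	Secret           []byte // secret data 432 shared at pairing
	VerificationInfo []byte // e.g. the server's certificate
}

// UpdateRequest is the message of step S231. The challenge/response content is
// an assumption: the page says only that the device verifies the requester is
// the registered management terminal before accepting the update.
type UpdateRequest struct {
	TerminalID       string
	VerificationInfo []byte
	Tag              []byte // HMAC-SHA256(secret, challenge || info)
}

// ManagementDevice models management device 300f.
type ManagementDevice struct {
	ID               string
	terminals        map[string][]byte // management terminal storage unit 370
	VerificationInfo []byte            // verification information storage unit 320
	challenge        []byte
}

func NewManagementDevice(id string) *ManagementDevice {
	return &ManagementDevice{ID: id, terminals: map[string][]byte{}}
}

// Pair is steps S211 and S212: both sides record the shared secret.
func Pair(term *ManagementTerminal, dev *ManagementDevice, secret []byte) {
	term.DeviceID, term.Secret = dev.ID, secret
	dev.terminals[term.ID] = secret
}

// Challenge issues a fresh nonce that the terminal must bind into its tag,
// so that a captured request cannot be replayed.
func (d *ManagementDevice) Challenge() []byte {
	d.challenge = make([]byte, 16)
	if _, err := rand.Read(d.challenge); err != nil {
		panic(err)
	}
	return d.challenge
}

func tag(secret, challenge, info []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	m.Write(info)
	return m.Sum(nil)
}

// BuildUpdate is the terminal side of step S231.
func (t *ManagementTerminal) BuildUpdate(challenge []byte) UpdateRequest {
	return UpdateRequest{TerminalID: t.ID, VerificationInfo: t.VerificationInfo,
		Tag: tag(t.Secret, challenge, t.VerificationInfo)}
}

// HandleUpdate is steps S232 to S234: refuse unknown terminals, refuse bad
// proofs, and only then replace the stored verification information.
func (d *ManagementDevice) HandleUpdate(req UpdateRequest) error {
	secret, known := d.terminals[req.TerminalID]
	if !known {
		return errors.New("update refused: terminal not registered")
	}
	if d.challenge == nil {
		return errors.New("update refused: no outstanding challenge")
	}
	expected := tag(secret, d.challenge, req.VerificationInfo)
	d.challenge = nil // single use
	if !hmac.Equal(expected, req.Tag) {
		return errors.New("update refused: authentication failed")
	}
	d.VerificationInfo = append([]byte(nil), req.VerificationInfo...)
	return nil
}

func main() {
	dev := NewManagementDevice("mgmt-01")
	admin := &ManagementTerminal{ID: "term-admin", VerificationInfo: []byte("CERT-v1")}
	Pair(admin, dev, []byte("constructed-link-key")) // constructed sample secret
	fmt.Println("admin update:", dev.HandleUpdate(admin.BuildUpdate(dev.Challenge()))) // <nil>
	rogue := &ManagementTerminal{ID: "term-rogue", Secret: []byte("guess"), VerificationInfo: []byte("FORGED")}
	fmt.Println("rogue update:", dev.HandleUpdate(rogue.BuildUpdate(dev.Challenge()))) // terminal not registered
	fmt.Println("stored:", string(dev.VerificationInfo)) // CERT-v1
}
```

The registration check and the possession check are both needed: the first rejects any terminal the administrator never paired, the second rejects a request that merely names a paired terminal's ID. Binding the device's nonce into the tag is what makes a recorded request useless a second time.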
*** Explanation of the effects of this embodiment ***
In the electronic lock system 500f according to the present embodiment, when no network exists between the server device and the management device, the management device accepts updates of the verification information only from a dedicated terminal device for management, that is, the management terminal. The electronic lock system 500f according to the present embodiment can therefore operate even when no network exists between the server device and the management device. At the same time, by restricting which terminal devices may update the verification information, the system prevents an attacker from replacing the verification information with a forged one and then unlocking with a bogus unlocking authority that the forged verification information would accept as valid.
In Embodiments 1 to 8 above, each unit of each device of the electronic lock system has been described as an independent functional block. However, the configuration of each device of the electronic lock system need not be as in the embodiments described above. The functional blocks of each device of the electronic lock system may have any configuration as long as they realize the functions described in the embodiments above. Further, each device of the electronic lock system need not be a single device; it may be a system composed of a plurality of devices.
Several parts of Embodiments 1 to 8 may also be combined and implemented, or only one part of these embodiments may be implemented. These embodiments may otherwise be implemented in any combination, in whole or in part.
That is, in Embodiments 1 to 8, the embodiments may be freely combined, any component of each embodiment may be modified, and any component of each embodiment may be omitted.
The embodiments described above are essentially preferred examples and are not intended to limit the scope of the present invention, of its applications, or of its uses. The embodiments described above may be modified in various ways as needed.
31 secret information, 32 user authority information, 33 unlocking authority data, 34 authentication information, 35 authenticated information, 41 verification information, 100, 100b, 100d, 100e server device, 110 server communication unit, 120 unlocking authority generation unit, 130 authentication information generation unit, 140 secret information storage unit, 150 input unit, 160 generation unit, 161 server encryption unit, 170 unlocking authority storage unit, 180 revocation information generation unit, 181 revocation information, 190 time acquisition unit, 200, 200b, 200e terminal device, 200f management terminal, 210 terminal communication unit, 220 authenticated information storage unit, 230 short-range communication unit, 240 terminal encryption unit, 250 terminal decryption unit, 270 management device storage unit, 300, 300a, 300c, 300d, 300f management device, 310 management communication unit, 311, 321 building ID, 312 private key, 313 certificate, 320, 280 verification information storage unit, 340 verification unit, 322 user ID, 323 door ID, 350 log collection unit, 351 unlocking log, 260, 360 revocation information storage unit, 370 management terminal storage unit, 400, 400a, 400b key opening/closing device, 401 facility, 402 electronic lock, 410 device communication unit, 420 verification information storage unit, 380, 430 short-range communication unit, 431 management terminal ID, 432 secret data, 433 management device ID, 440 verification unit, 450 unlocking unit, 460 device decryption unit, 500, 500a, 500b, 500c, 500d, 500e, 500f electronic lock system, 600, 600f opening/closing system, 610 communication network, 620 facility network, 630 short-range wireless network, 640 in-building network, 910 processor, 921 memory, 922 storage, 930 input interface, 940 output interface, 950 communication interface, 951 short-range wireless interface, 952 door open/close signal interface, S100, S100d secret information storage processing, S101d, S101e revocation information storage processing, S102e terminal revocation information storage processing, S103e revocation information transfer processing, S110, S110a verification information delivery processing, S120, S120d, S120e, S120g authentication information generation processing, S130, S130b, S130g authenticated information delivery processing, S140, S140a, S140b, S140c, S140d unlocking processing, S210 secret data storage processing, S220 verification information temporary storage processing, S230 verification information transfer processing.

Claims (18)

  1.  An electronic lock system comprising: an opening/closing system having a facility provided with an electronic lock; a terminal device that communicates with the opening/closing system by short-range wireless communication; and a server device that communicates with each of the opening/closing system and the terminal device via a communication network, wherein
     the server device comprises:
     a secret information storage unit that stores, as secret information, a private key and a certificate of the public key corresponding to the private key;
     a generation unit that acquires user authority information in which a user identifier identifying a user of the facility is associated with a facility identifier identifying a facility that the user is permitted to unlock, and generates, using the user authority information and the private key, authenticated information for authenticating the validity of the unlocking authority of the user; and
     a server communication unit that transmits the certificate to the opening/closing system as verification information and transmits the authenticated information to the terminal device,
     and the opening/closing system comprises:
     a verification unit that, upon receiving the authenticated information from the terminal device by short-range wireless communication, verifies the validity of the unlocking authority using the authenticated information and the verification information; and
     an unlocking unit that unlocks the electronic lock when the verification unit has verified the validity of the unlocking authority.
  2.  The electronic lock system according to claim 1, wherein the generation unit comprises:
     an unlocking authority generation unit that generates unlocking authority data representing the unlocking authority using the user identifier and the facility identifier; and
     an authentication information generation unit that generates, as authentication information, a signature authenticating the unlocking authority data using the unlocking authority data and the private key, and outputs the unlocking authority data with the authentication information appended as the authenticated information.
  3.  The electronic lock system according to claim 2, wherein the opening/closing system comprises:
     a management device that communicates with the server device via the communication network; and
     a key opening/closing device that communicates with the management device and controls the opening and closing of the electronic lock,
     the key opening/closing device comprises a short-range communication unit that receives the authenticated information from the terminal device by short-range wireless communication, and
     the verification unit acquires the authenticated information received by the short-range communication unit and verifies the validity of the unlocking authority using the authenticated information and the verification information.
  4.  The electronic lock system according to claim 3, wherein the verification unit verifies that the unlocking authority is valid when the unlocking authority data included in the authenticated information is valid and the facility identifier included in the unlocking authority data is valid.
  5.  The electronic lock system according to claim 3 or 4, wherein
     the management device comprises a management communication unit that receives the verification information from the server device via the communication network and transmits the received verification information to the key opening/closing device,
     the key opening/closing device comprises a verification information storage unit that stores the verification information received from the management communication unit, and the verification unit, and
     the verification unit verifies the validity of the unlocking authority using the authenticated information and the verification information stored in the verification information storage unit.
  6.  The electronic lock system according to claim 3 or 4, wherein
     the management device comprises a verification information storage unit that receives the verification information from the server device and stores the received verification information,
     the key opening/closing device comprises a device communication unit that transmits the authenticated information received by the short-range communication unit to the management device,
     the management device comprises the verification unit,
     the verification unit acquires the authenticated information transmitted from the device communication unit, verifies the validity of the unlocking authority using the authenticated information and the verification information stored in the verification information storage unit, and, when the validity of the unlocking authority has been verified, transmits to the key opening/closing device an unlocking command instructing it to unlock the electronic lock,
     the key opening/closing device comprises the unlocking unit, and
     the unlocking unit unlocks the electronic lock upon receiving the unlocking command from the verification unit.
  7.  The electronic lock system according to claim 5 or 6, wherein
     the server device comprises a server encryption unit that encrypts the authenticated information,
     the server communication unit transmits the encrypted authenticated information to the terminal device,
     the terminal device comprises:
     a terminal communication unit that receives the encrypted authenticated information from the server communication unit;
     a terminal decryption unit that decrypts the encrypted authenticated information received by the terminal communication unit;
     an authenticated information storage unit that stores the authenticated information obtained by decrypting the encrypted authenticated information; and
     a terminal encryption unit that encrypts the authenticated information stored in the authenticated information storage unit,
     the terminal device transmits the authenticated information encrypted by the terminal encryption unit to the key opening/closing device, and
     the key opening/closing device comprises a device decryption unit that decrypts the authenticated information encrypted by the terminal encryption unit.
  8.  The electronic lock system according to claim 6 or 7, wherein
     the management device includes a log collection unit that, when the electronic lock is unlocked by the unlocking unit, collects, as an unlock log, a log including the time at which the electronic lock was unlocked, the user identifier, the equipment identifier, and the result of the unlocking.
  9.  The electronic lock system according to claim 8, wherein
     the log collection unit, when the verification of the validity of the unlocking authority by the verification unit fails, collects, as the unlock log, a log including the time at which the verification of the validity of the unlocking authority failed, the user identifier, the equipment identifier, and the result of the verification.
  10.  The electronic lock system according to claim 8 or 9, wherein
     the key opening/closing device includes a time acquisition unit that acquires the current time, and
     the device communication unit obtains from the time acquisition unit the time at which the electronic lock was unlocked by the unlocking unit, and transmits to the management device an unlock report, reporting that the electronic lock has been unlocked, that includes that time.
  11.  The electronic lock system according to any one of claims 6 to 10, wherein
     the server device includes an unlocking authority storage unit that stores a hash value of the unlocking authority data and the user identifier,
     the unlocking authority generation unit, upon acquiring the user authority information, calculates a hash value of the unlocking authority data generated from the acquired user authority information and, when the calculated hash value is not stored in the unlocking authority storage unit, stores the calculated hash value in the unlocking authority storage unit,
     the server device includes a revocation information generation unit that, when the hash value calculated by the unlocking authority generation unit is already stored in the unlocking authority storage unit, generates revocation information from the hash value stored in the unlocking authority storage unit and transmits the revocation information to the management device, and
     the management device includes a revocation information storage unit that stores the revocation information transmitted from the server device.
  12.  The electronic lock system according to claim 11, wherein
     the server device includes an input unit that acquires the secret information and, when the secret information is already stored in the secret information storage unit, initializes the hash value of the unlocking authority data and the user identifier stored in the unlocking authority storage unit.
  13.  The electronic lock system according to claim 12, wherein
     the verification unit calculates the hash value of the unlocking authority data included in the authenticated information and, when that hash value is stored in the revocation information storage unit, terminates the processing for verifying the validity of the unlocking authority.
  14.  The electronic lock system according to claim 2, wherein
     the opening/closing system includes:
     a management device that communicates with the terminal device via a network different from the communication network; and
     a key opening/closing device that communicates with the management device and controls opening and closing of the electronic lock,
     the server device transmits to the terminal device revocation information indicating that the unlocking authority data has been revoked,
     the terminal device transmits the revocation information to the management device via the network different from the communication network,
     the key opening/closing device includes a short-range communication unit that receives the authenticated information from the terminal device by short-range wireless communication, and the unlocking unit,
     the management device includes the verification unit, and
     the verification unit acquires the authenticated information received by the short-range communication unit and, when the unlocking authority data included in the authenticated information is not included in the revocation information, verifies the validity of the unlocking authority using the authenticated information and the verification information.
  15.  The electronic lock system according to any one of claims 6 to 13, wherein
     the user authority information associates a plurality of user identifiers, a user group identifier that identifies a user group to which the plurality of users identified by the plurality of user identifiers belong, and the equipment identifier,
     the unlocking authority generation unit generates, using the plurality of user identifiers, the user group identifier, and the equipment identifier, the unlocking authority data representing the unlocking authority of the user group, and
     the authentication information generation unit generates, using the unlocking authority data and the secret key, the authentication information that authenticates the unlocking authority data.
  16.  The electronic lock system according to any one of claims 6 to 10, wherein
     the opening/closing system includes, as a management terminal, a terminal device that communicates with the management device,
     the management terminal includes:
     a verification information storage unit that receives the verification information from the server device and stores the verification information; and
     a management terminal storage unit that stores, in association with each other, a management device identifier that identifies the management device and secret data generated between the management terminal and the management device, and
     the management device includes:
     a management terminal storage unit that stores, in association with each other, the secret data and a management terminal identifier that identifies the management terminal; and
     a verification information storage unit that, upon receiving from the management terminal an update request requesting an update of the verification information, updates the verification information when the management terminal that issued the update request is stored in the verification information storage unit.
  17.  An electronic lock management method for an electronic lock system having an opening/closing system that has equipment provided with an electronic lock, a terminal device that communicates with the opening/closing system by short-range wireless communication, and a server device that communicates with each of the opening/closing system and the terminal device via a communication network, the method comprising:
     the server device storing, as secret information, a secret key and a certificate of a public key corresponding to the secret key;
     the server device acquiring user authority information in which a user identifier identifying a user who uses the equipment is associated with an equipment identifier identifying equipment that the user is permitted to unlock, and generating, using the user authority information and the secret key, authenticated information for authenticating the validity of the unlocking authority of the user;
     the server device transmitting the certificate to the opening/closing system as verification information and transmitting the authenticated information to the terminal device;
     the opening/closing system, upon receiving the authenticated information from the terminal device by short-range wireless communication, verifying the validity of the unlocking authority using the authenticated information and the verification information; and
     the opening/closing system unlocking the electronic lock when the validity of the unlocking authority is verified.
  18.  An electronic lock management program for an electronic lock system having an opening/closing system that has equipment provided with an electronic lock, a terminal device that communicates with the opening/closing system by short-range wireless communication, and a server device that communicates with each of the opening/closing system and the terminal device via a communication network, the program causing a computer to execute:
     secret information storage processing of storing, as secret information, a secret key and a certificate of a public key corresponding to the secret key;
     generation processing of acquiring user authority information in which a user identifier identifying a user who uses the equipment is associated with an equipment identifier identifying equipment that the user is permitted to unlock, and of generating, using the user authority information and the secret key, authenticated information for authenticating the validity of the unlocking authority of the user;
     server communication processing of transmitting the certificate to the opening/closing system as verification information and transmitting the authenticated information to the terminal device;
     verification processing of, when the opening/closing system receives the authenticated information from the terminal device by short-range wireless communication, verifying, by the opening/closing system, the validity of the unlocking authority using the authenticated information and the verification information; and
     unlocking processing of unlocking the electronic lock by the opening/closing system when the validity of the unlocking authority is verified by the verification processing.
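The following Go program is an added illustration, not code from the patent or its applicant: it models the issue/verify flow of claims 17 and 18 together with revocation by hash value (claims 11 to 13) and the unlock log (claims 8 to 10). It assumes Ed25519 signatures, a raw public key standing in for the X.509 certificate that the claims call verification information, a constructed JSON encoding of the unlocking authority data, and the names Server, Management, Issue, Revoke and Verify, none of which appear in the claims. The transports (communication network, short-range wireless, the encryption of claim 7) are omitted; only the data that crosses each boundary is shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// UnlockAuthority is the unlocking authority data; hash and signature cover its JSON form (constructed format).
type UnlockAuthority struct {
	UserID      string `json:"user_id"`
	EquipmentID string `json:"equipment_id"`
}

// AuthenticatedInfo is the authority data plus the server's signature over it.
type AuthenticatedInfo struct {
	Authority UnlockAuthority
	Signature []byte
}

// LogEntry is one record of the unlock log (claims 8 to 10).
type LogEntry struct {
	Time                        time.Time
	UserID, EquipmentID, Result string
}

// Server holds the secret key and the unlocking authority storage unit (claim 11).
type Server struct {
	priv   ed25519.PrivateKey
	issued map[string]string // hash of issued authority data -> user identifier
}

// Management is the management device: verification information (public key, standing in for the certificate), revocation set, unlock log.
type Management struct {
	verifyKey ed25519.PublicKey
	revoked   map[string]bool
	Log       []LogEntry
}

// hashAuthority is the hash value of the unlocking authority data used by claims 11 and 13.
func hashAuthority(a UnlockAuthority) []byte {
	b, _ := json.Marshal(a) // cannot fail for two string fields
	sum := sha256.Sum256(b)
	return sum[:]
}

// NewSystem makes the server key pair and hands only the public half to the management device as verification information.
func NewSystem() (*Server, *Management) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Server{priv: priv, issued: map[string]string{}},
		&Management{verifyKey: pub, revoked: map[string]bool{}}
}

// Issue records the hash of the authority data (idempotent) and signs the data for the terminal (claim 11, first half).
func (s *Server) Issue(a UnlockAuthority) AuthenticatedInfo {
	h := hashAuthority(a)
	s.issued[string(h)] = a.UserID
	return AuthenticatedInfo{Authority: a, Signature: ed25519.Sign(s.priv, h)}
}

// Revoke sends the stored hash to the management device as revocation information (claim 11, second half).
func (s *Server) Revoke(a UnlockAuthority, m *Management) bool {
	h := string(hashAuthority(a))
	if _, issued := s.issued[h]; !issued {
		return false
	}
	m.revoked[h] = true
	return true
}

// Verify checks one unlock attempt: revocation first (claim 13), then the
// signature, then that the data names this equipment; every outcome is logged.
func (m *Management) Verify(ai AuthenticatedInfo, equipmentID string) bool {
	h := hashAuthority(ai.Authority)
	result, ok := "unlocked", false
	switch {
	case m.revoked[string(h)]:
		result = "revoked"
	case !ed25519.Verify(m.verifyKey, h, ai.Signature):
		result = "signature invalid"
	case ai.Authority.EquipmentID != equipmentID:
		result = "equipment mismatch"
	default:
		ok = true
	}
	m.Log = append(m.Log, LogEntry{time.Now(), ai.Authority.UserID, equipmentID, result})
	return ok
}

func main() {
	s, m := NewSystem()
	ai := s.Issue(UnlockAuthority{UserID: "user-0001", EquipmentID: "door-07"})
	fmt.Println(m.Verify(ai, "door-07"), s.Revoke(ai.Authority, m), m.Verify(ai, "door-07")) // true true false
}
```

Two properties of the claimed design are visible here: the side that opens the lock holds only public material, so a compromised lock controller yields nothing that can mint new authority data, and the revocation information the management device stores is a hash, so revocation does not require the management device to have ever seen the authority data itself.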
PCT/JP2018/023529 2018-06-20 2018-06-20 Electronic lock system, electronic lock management method, and electronic lock management program WO2019244289A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2018/023529 WO2019244289A1 (en) 2018-06-20 2018-06-20 Electronic lock system, electronic lock management method, and electronic lock management program
JP2020525158A JP6779416B2 (en) 2018-06-20 2018-06-20 Electronic lock system, electronic lock management method, and electronic lock management program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/023529 WO2019244289A1 (en) 2018-06-20 2018-06-20 Electronic lock system, electronic lock management method, and electronic lock management program

Publications (1)

Publication Number Publication Date
WO2019244289A1 true WO2019244289A1 (en) 2019-12-26

Family

ID=68982805

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/023529 WO2019244289A1 (en) 2018-06-20 2018-06-20 Electronic lock system, electronic lock management method, and electronic lock management program

Country Status (2)

Country Link
JP (1) JP6779416B2 (en)
WO (1) WO2019244289A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114221772A (en) * 2021-12-14 2022-03-22 南方电网科学研究院有限责任公司 Safety chip and method for electric intelligent lock
CN115273284A (en) * 2022-07-27 2022-11-01 中国电信股份有限公司 Permission adaptation method and device, storage medium and electronic equipment
WO2024042928A1 (en) * 2022-08-26 2024-02-29 パナソニックIpマネジメント株式会社 Information processing system, control device, and information processing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002216198A (en) * 2001-01-23 2002-08-02 Takamisawa Cybernetics Co Ltd Terminal and system for managing entrance/exit
JP2006233475A (en) * 2005-02-23 2006-09-07 Nippon Telegr & Teleph Corp <Ntt> Key service method, system and its program
JP2009116600A (en) * 2007-11-06 2009-05-28 Mitsubishi Electric Corp Entering and leaving management system
JP2016223212A (en) * 2015-06-02 2016-12-28 ソニー株式会社 Lock device, information processing method, program, and communication terminal

Also Published As

Publication number Publication date
JP6779416B2 (en) 2020-11-04
JPWO2019244289A1 (en) 2020-12-17

Similar Documents

Publication Publication Date Title
CN110875821B (en) Cryptography blockchain interoperation
US11128477B2 (en) Electronic certification system
TWI754046B (en) Secure dynamic threshold signature scheme employing trusted hardware
US10382485B2 (en) Blockchain-assisted public key infrastructure for internet of things applications
US11849029B2 (en) Method of data transfer, a method of controlling use of data and cryptographic device
EP2659373B1 (en) System and method for secure software update
US20220247576A1 (en) Establishing provenance of applications in an offline environment
JP6779416B2 (en) Electronic lock system, electronic lock management method, and electronic lock management program
CN113228560B (en) Issuing apparatus and method for issuing, and requesting apparatus and method for requesting digital certificate
CN115277168A (en) Method, device and system for accessing server
WO2019163040A1 (en) Access management system and program thereof
WO2022219323A1 (en) Secure root-of-trust enrolment and identity management of embedded devices
JP2019057827A (en) Distributed authentication system and program
CN114124362A (en) Key distribution method, device and computer readable medium
US20240195641A1 (en) Interim root-of-trust enrolment and device-bound public key registration
EP4295343A1 (en) Puf and blockchain based iot event recorder and method
CN118413304A (en) Block chain-based national cipher double certificate issuing and managing method and system
CN118233193A (en) Identity authentication method, key storage method and device of Internet of things equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18923546

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020525158

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18923546

Country of ref document: EP

Kind code of ref document: A1