JP6693094B2 - Access control system, electronic device, and access control program - Google Patents

Description

  The present invention relates to a method of managing access to confidential data and equipment in a security room.

  Conventionally, confidential data such as personal information accessible in a security room has been encrypted by a database management system. For example, Patent Document 1 discloses a database encryption system in which a user system connected to a database management system via a network determines whether encryption is necessary. Further, Patent Document 2 discloses a technique of restricting browsing of an encrypted file brought out from a management server to an external storage device that can be carried out to only a user who took out the file by biometric authentication.

Japanese Patent No. 5344109 Japanese Patent No. 5331736

  However, a user who is registered in the system as a person who has a legitimate user right can decrypt and access even encrypted confidential data. There is a risk that confidential data such as information will be taken outside.

  An object of the present invention is to prevent a person who has an access right to the confidential data in the security room from taking the confidential data to the outside and manage access to a device installed in the security room.

In one aspect of the present invention, an access management system unlocks a gate provided in a room when a user enters a room, and a gate control device that stores access permission information in a storage medium of the user, An electronic device that is installed in the room, reads access permission information from the storage medium, operates using the read access permission information, and an access management device that generates the access permission information and supplies the access control information to the gate control device. And an erasing unit for erasing the access permission information from the storage medium before the user leaves the room, and the electronic device is connected to a database and stored in the database. At least a part of the data is encrypted, and the electronic device uses the access permission information to recover the encrypted data. Characterized by reduction.

In the above access management system, the access management device generates access permission information for the user and sends it to the gate control device. The gate control device unlocks the gate provided in the room and writes the access permission information in the storage medium of the user. When a user holds a storage medium over an electronic device installed in a room, the electronic device reads access permission information from the storage medium and operates using the access permission information. The access permission information stored in the storage medium of the user is deleted before the user leaves the room. Therefore, after leaving the room, the access permission information is not stored in the user's storage medium, and the use of the electronic device is limited to the room. Furthermore, the electronic device is connected to a database, at least a part of the data stored in the database is encrypted, and the electronic device is encrypted using the access permission information. Decrypt the data. In this mode, the user can decrypt and view the encrypted data by the access permission information stored in the storage medium while in the room. On the other hand, since the access permission information is not stored in the storage medium after the user leaves the room, even if the decrypted data is taken out of the room, for example, the decrypted data is browsed. Can not do it. This prevents the data from being taken out.

  In one aspect of the above access management system, the erasing unit is provided in the gate control device, and erases the access permission information from the storage medium when the user leaves the room. In this aspect, since the access permission information is erased from the storage medium when the user leaves the room, a plurality of electronic devices can be used while in the room.

  In another aspect of the access management system, the erasing unit is provided in the electronic device, and after the electronic device reads the access permission information from the storage medium, the access permission information is read from the storage medium. Erase. In this aspect, since the access permission information is erased from the storage medium when the user uses the electronic device, there is no need to provide a function for erasing the access permission information in the gate, and the gate serves as a tailgate prevention gate. You don't even have to.

  In another aspect of the access management system described above, the electronic device is normally in a locked state, and the locked state is released by the input of the access permission information to be in a usable state. This allows only the user who has entered the room to use the electronic device.

In another aspect of the present invention, the access management system unlocks a gate provided in a room when a user enters the room, and a gate control device that stores access permission information in a storage medium of the user, An electronic device that is installed in the room, reads access permission information from the storage medium, operates using the read access permission information, and an access management device that generates the access permission information and supplies the access control information to the gate control device. And erasing means for erasing the access permission information from the storage medium before the user leaves the room, the gate control device, when the user enters the room, A transmission unit that reads the identification information from the storage medium and transmits it to the access management device, and receives the access permission information and the unlock instruction from the access management device. And a control unit that stores the access permission information in the storage medium and unlocks the gate based on the unlock instruction, the access management device receiving from the gate control device. The authentication unit that authenticates the user based on the identified information, the generation unit that generates the access permission information for the user when the authentication is successful, the generated access permission information and the unlock instruction. And a plurality of electronic devices installed in the room, the access management device, the unique information determined for each electronic device, by the generation unit. The combined access permission information generated by combining the generated access permission information is transmitted to each of the plurality of electronic devices, and each of the electronic devices performs the access management. A storage unit that stores the combined access permission information transmitted from the storage unit as first combined access permission information, the access permission information read from the storage medium, and the unique information corresponding to the second combined access permission. A control unit that generates information and unlocks the locked state when the second combined access permission information matches the first combined access permission information .

In the above access management system, only the user who has the right to enter the room can acquire the access permission information and use the electronic device. Furthermore, since the synthetic access permission information generated by synthesizing the unique information determined for each electronic device and the access permission information stored in the storage medium is used, the access permission information stored in the storage medium is 1 In this case, access management can be performed using different synthetic access permission information for each electronic device.

In another aspect of the present invention, the access management system unlocks a gate provided in a room when a user enters the room, and a gate control device that stores access permission information in a storage medium of the user, An electronic device that is installed in the room, reads access permission information from the storage medium, operates using the read access permission information, and an access management device that generates the access permission information and supplies the access control information to the gate control device. And erasing means for erasing the access permission information from the storage medium before the user leaves the room, the gate control device, when the user enters the room, A transmission unit that reads the identification information from the storage medium and transmits it to the access management device, and receives the access permission information and the unlocking instruction from the access management device. And a control unit that stores the access permission information in the storage medium and unlocks the gate based on the unlock instruction, the access management device receiving from the gate control device. The authentication unit that authenticates the user based on the identified information, the generation unit that generates the access permission information for the user when the authentication is successful, the generated access permission information and the unlock instruction. A transmission unit for transmitting to the gate control device, one or a plurality of applications are installed in the electronic device, and the access management device includes unique information determined for each application, and the generation unit. And transmits the combined access permission information generated by combining the access permission information generated by the electronic device to the electronic device. The storage unit that stores the combined access permission information transmitted from the access management device as the first combined access permission information, the access permission information read from the storage medium, and the second combination based on the unique information corresponding to itself. A control unit that generates access permission information and enables the application when the second combined access permission information matches the first combined access permission information.

In the above access management system, only the user who has the right to enter the room can acquire the access permission information and use the electronic device. Further, since the synthetic access permission information generated by synthesizing the unique information determined for each application and the access permission information stored in the storage medium is used, one access permission information is stored in the storage medium. Even in this case, it is possible to perform access management by using the combined access permission information that is different for each application.

It is a block diagram which shows the structure of the access management system which concerns on embodiment. It is a block diagram which shows the function structure of an access management server. It is a block diagram which shows the function structure of the electronic device in 1st Embodiment. It is a flow chart of access management processing of a 1st embodiment. 9 is a flowchart of another access management process of the first embodiment. It is a block diagram which shows the function structure of the electronic device in 2nd Embodiment. It is a flow chart of access management processing of a 2nd embodiment. 9 is a flowchart of another access management process of the second embodiment. An example of an access management system when using a synthetic password is shown. It is a figure explaining a synthetic password. It is an example of a display screen showing the operation of the password input application.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[First Embodiment]
FIG. 1 shows the configuration of an access management system according to the first embodiment of the present invention. As illustrated, the access management system includes a security room 10 and a server room 20. The security room 10 includes a gate 11, an entrance side reader / writer 12, an exit side reader / writer 13, a plurality of electronic devices 14, and a reader / writer 15 installed for each electronic device 14. On the other hand, the server room 20 is provided with a database (hereinafter, also referred to as “DB”) 21, a DB management server 22, and an access management server 23. The gate 11, the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14 in the security room 10, the DB management server 22 and the access management server 23 in the server room 20 are connected to a local area LAN (hereinafter, simply It is connected so as to be communicable through “LAN”.

  The security room 10 is a room in which only users having a certain authority are allowed to enter, and a plurality of electronic devices 14 are installed inside. A gate 11 is provided at the entrance of the security room 10. The gate 11 is normally locked and unlocked when a user enters or leaves the room. An entrance side reader / writer 12 and an exit side reader / writer 13 are provided near the gate 11.

  A user such as an employee carries the IC card 3, which is a portable information storage medium. The IC card 3 is a contactless IC card, and is actually an employee ID card, student ID card, ID card, or the like. The ID information of the user is stored in the IC card 3. Examples of ID information are employee numbers and student numbers.

  When entering the security room 10, the user holds the IC card 3 over the reader / writer 12 on the entrance side. When the user is permitted to enter the room, the gate 11 is unlocked and the user can enter the room. Further, when a user in the security room 10 holds the IC card 3 over the exit side reader / writer 13 when leaving the room, the gate 11 is unlocked and the user can leave the room.

  The electronic device 14 installed in the security room 10 is a terminal device such as a PC for accessing the database 21 in the server room 20.

  On the other hand, various data is stored in the database 21 in the server room 20. At least a part of the data stored in the database 21 is confidential data such as personal information, and the confidential data is stored in an encrypted state by a predetermined encryption method. The DB management server 22 manages input / output of data from the database 21 when a user in the security room 10 operates the electronic device 14 to access the database 21.

  The access management server 23 manages a user entering and leaving the security room 10 and using the electronic device 14 in the security room 10. FIG. 2 shows a functional configuration of the access management server 23. The access management server 23 includes a communication unit 31, an authentication unit 32, a user DB 33, and a password generation unit 34.

  The communication unit 31 communicates with various devices and devices via the LAN 5. The user DB 33 stores, for a plurality of users such as employees, attribute information such as the name and post of the user, ID information of the user, presence / absence of authority to enter the security room 10. The authentication unit 32 performs authentication by referring to the user DB 33 based on the ID information of the user. Specifically, the authentication unit 32 determines whether or not to allow the user to enter the security room 10.

  As a result of the authentication by the authentication unit 32, the password generation unit 34 uses the electronic device 14 in the security room 10 to access the confidential data in the database 21 to the user who is admitted to the security room 10. Generate a password required to do this. This password is information necessary to decrypt the encrypted confidential data. Specifically, when the confidential data in the database 21 is encrypted using a common encryption key, the password generated by the password generation unit 34 is the key information for decrypting the encrypted confidential data. Become. Further, when the confidential data is restricted by the common password, the password generated by the password generation unit 34 is a password for canceling the restriction. The password is an example of the access permission information of the present invention.

  FIG. 3 shows a functional configuration of the electronic device 14 set in the security room 10. In the present embodiment, the electronic device 14 is assumed to be a PC for accessing the database 21.

  As shown in FIG. 3, the electronic device 14 includes a communication unit 41, a password input unit 42, and a DB application 43. The communication unit 41 performs necessary communication with the access management server 23, the DB management server 22 and the like via the LAN 5. The DB application 43 is an application that operates on the electronic device 14, which is a PC, and browses and uses data stored in the database 21 in the server room 20.

  The password input unit 42 temporarily stores the password given from the access management server 23 internally and automatically inputs it to the electronic device 14. Specifically, the password input unit 42 automatically inputs the password to the DB application 43. As described above, the confidential data among the data stored in the database 21 is encrypted. Therefore, when the user accesses the confidential data, the DB application 43 decrypts and displays the encrypted confidential data using the password input by the password input unit 42. Thereby, the user can browse and use the encrypted confidential data in the database 21.

(First embodiment)
Next, a first example of the access management process according to the first embodiment will be described. FIG. 4 is a flowchart of the access management process according to the first embodiment. This process is executed by the reader / writer 12 on the entrance side, the reader / writer 13 on the exit side, the electronic device 14, the access management server 23 and the like communicating with each other via the LAN 5.

  First, when the user holds the IC card 3 over the entrance side reader / writer 12, the entrance side reader / writer 12 reads the ID information from the IC card 3 (step S11) and transmits it to the access management server 23 (step S12). .. The access management server 23 performs authentication by referring to the user DB 33 (step S13). That is, the access management server 23 determines whether the user corresponding to the ID information has the entry authority. If the user does not have the entry authority, the processing ends. Therefore, the gate 11 is not opened, and the user cannot enter the security room 10.

  On the other hand, when the authentication is successful, the access management server 23 generates a password (step S14), and transmits this password and the unlocking instruction of the gate 11 to the entrance side reader / writer 12 (step S15).

  The entrance side reader / writer 12 writes the received password in the IC card 3 of the user (step S16) and unlocks the gate 11 (step S17). As a result, the user can enter the security room 10.

  After that, the user holds the IC card 3 over the reader / writer 15 when using the electronic device 14 such as a PC. The reader / writer 15 reads the password from the IC card 3 and automatically inputs it to the DB application 43 in the electronic device 14 (step S18). As described above, in the first embodiment, the password is the information necessary to decrypt the confidential data in the database 21. Therefore, when the user operates the DB application 43 to access the confidential data in the database 21, the DB application 43 decrypts and displays the confidential data using the input password (step S19). In this way, the user can browse and use the confidential data stored in the database 21 in the security room 10.

  Now, when the work is finished, the user finishes the operation of the electronic device 14, proceeds to the gate 11, and holds the IC card 3 over the exit side reader / writer 13. At this time, the exit side reader / writer 13 erases the password stored in the IC card 3 (step S20), and then unlocks the gate 11 (step S21). In this way, the user can exit the security room 10.

  As described above, in the first embodiment, the password required to decrypt the confidential data in the database 21 is erased from the IC card 3 when the user leaves the security room 10. Therefore, even if the user operates the electronic device 14 to access the confidential data, saves the confidential data in the USB memory or other storage medium, and takes it out of the security room 10, the taken out confidential data is encrypted. It cannot be decrypted. Therefore, even if a user who has a legitimate usage authority commits an internal crime to bring out confidential data with a conviction, it is possible to prevent information leakage of confidential data.

  In the first embodiment, when the user leaves the security room 10, the password is erased when the IC card 3 is held over the exit side reader / writer 13 to unlock the gate 11. For this reason, if the user leaves the IC card 3 over the exit reader / writer 13 and then exits next user by so-called tailgating, the password in the IC card 3 cannot be erased. Therefore, in the first embodiment, it is preferable that the gate 11 is a tailgate prevention gate, that is, a gate that only one person can pass through.

(Second embodiment)
Next, a second example of the access management process according to the first embodiment will be described. FIG. 5 is a flowchart of the access management process according to the second embodiment. This process is executed by the reader / writer 12 on the entrance side, the reader / writer 13 on the exit side, the electronic device 14, the access management server 23 and the like communicating with each other via the LAN 5.

  The access management process of the second embodiment is the same as that of the first embodiment shown in FIG. 4 from step S11 to S17, and therefore the description thereof is omitted. When the user enters the security room 10 and holds the IC card 3 over the reader / writer 15 of the electronic device 14, the reader / writer 15 reads the password from the IC card 3, and the electronic device 14 reads the read password from the DB application 43. The password is immediately erased from the IC card 3 (step S32). Alternatively, the electronic device 14 may delete the password from the IC card 3 immediately after reading the password, or the electronic device 14 may delete the password from the IC card 3 immediately after successfully logging in to the electronic device 14 using the password. You may delete the password.

  After that, when the user operates the DB application 43 to access the confidential data in the database 21, the DB application 43 decrypts the confidential data using the input password and displays it (step S33). In this way, the user can browse and use the confidential data stored in the database 21 in the security room 10.

  Now, when the work is finished, the user finishes the operation of the electronic device 14, proceeds to the gate 11, and holds the IC card 3 over the exit side reader / writer 13. The exit side reader / writer 13 unlocks the gate 11 (step S34). In this way, the user can exit the security room 10.

  As described above, in the second embodiment, the password required to decrypt the confidential data in the database 21 is erased from the IC card 3 immediately after being input to the electronic device 14. Therefore, even if the user operates the electronic device 14 to access the confidential data, saves the confidential data in the USB memory or other storage medium, and takes it out of the security room 10, the taken out confidential data is encrypted. It cannot be decrypted. Therefore, even if a user who has a legitimate usage authority commits an internal crime to bring out confidential data with a conviction, it is possible to prevent information leakage of confidential data.

  In the second embodiment, the password of the IC card 3 has already been erased when the user finishes operating the electronic device 14. Therefore, it is not necessary to make the gate 11 a tailgate prevention gate. Further, the exit side reader / writer 13 has no function of erasing the password, and the exit side reader / writer 13 can be omitted. That is, it is possible to eliminate the need for authentication when the user leaves the room. As a result, the cost of the entire system can be reduced.

[Second Embodiment]
The overall configuration of the access management system of the second embodiment is similar to that of the first embodiment shown in FIG. The functional configuration of the access management server 23 is also the same as that of the first embodiment shown in FIG.

  In the second embodiment, it is assumed that the electronic device 14 in the security room 10 is a device that does not access the database 21. Specifically, the electronic device 14 includes various types of electronic devices such as a security locker, a printer, a FAX, and a multi-function peripheral, as well as a terminal device such as a PC.

  FIG. 6 shows a functional configuration of the electronic device 14 in the second embodiment. As illustrated, the electronic device 14 includes a communication unit 41, an authentication unit 45, and a device lock unit 46. The communication unit 41 performs necessary communication with the access management server 23, the DB management server 22 and the like via the LAN 5. The authentication unit 45 performs an authentication process for determining whether or not the user has the authority to use the electronic device 14 based on the password stored in the IC card of the user. The device lock unit 46 normally maintains the electronic device 14 in a locked state, and when the authentication by the authentication unit 45 is successful, the device lock unit 46 unlocks the electronic device 14 to be in a usable state.

  In the second embodiment, the password generation unit 34 of the access management server 23 allows the user who is admitted to the security room 10 as a result of the authentication by the authentication unit 32 to set the electronic device 14 in the security room 10 to the user. Generate password required for use. This password is an example of the access permission information of the present invention. The password generation unit 34 may always generate the same password for one user, or may generate a different password every time. Further, it may be a password having an expiration date such as a so-called one-time password.

(First embodiment)
Next, a first example of the access management process according to the second embodiment will be described. FIG. 7 is a flowchart of the access management process according to the first embodiment. This process is executed by the reader / writer 12 on the entrance side, the reader / writer 13 on the exit side, the electronic device 14, the access management server 23 and the like communicating with each other via the LAN 5.

  In the access management process shown in FIG. 7, steps S11 to S17 are the same as in the first example of the first embodiment shown in FIG. The access management server 23 transmits the generated password to the entrance side reader / writer 12 in step S15 and then also to each electronic device 14 (step S41). The electronic device 14 receives the password from the access management server 23 and sets it as the password for releasing the locked state by the device lock unit 46 (step S42).

  A user who possesses the IC card 3 in which the password is written by the entrance side reader / writer 12 holds the IC card 3 over the reader / writer 15 of the electronic device 14. The password read by the reader / writer 15 from the IC card 3 is sent to the authentication unit 45 of the electronic device 14, and the authentication unit 45 authenticates the password (step S43). Specifically, the authentication unit 45 determines whether the password transmitted from the access management server 23 and set in step S42 matches the password read from the IC card 3 of the user. If they match, the authentication is successful and the device lock unit 46 releases the locked state of the device (step S44). As a result, the user can use the electronic device 14. If the authentication is unsuccessful, the locked state of the device is not released, and the user cannot use the electronic device 14.

  After finishing the work by the electronic device 14, the user goes to the gate 11 and holds the IC card 3 over the exit side reader / writer 13. The exit side reader / writer 13 erases the password from the IC card 3 (step S45) and unlocks the gate 11 (step S46). As a result, the user exits the security room 10.

  In the first embodiment, the password for enabling the electronic device 14 is written in the IC card 3 by the entrance side reader / writer 12 when entering the room, and erased from the IC card 3 by the exit side reader / writer 13 when exiting. It Therefore, the password is never brought out of the security room 10. Further, basically, the user cannot view or copy the password itself in the state where the password is written in the IC card 3, so that the user cannot take it out by another storage medium or memo. Therefore, the security of the electronic device 14 is ensured.

  In the first embodiment, the password is erased when the user leaves the security room 10 and holds the IC card 3 over the exit side reader / writer 13. For this reason, if the user leaves the IC card 3 over the exit reader / writer 13 and then exits next user by so-called tailgating, the password in the IC card 3 cannot be erased. Therefore, in the first embodiment, it is preferable that the gate 11 is a tailgate prevention gate, that is, a gate that only one person can pass through.

(Second embodiment)
Next, a second example of the access management process according to the second embodiment will be described. FIG. 8 is a flowchart of the access management process according to the second embodiment. This process is executed by the reader / writer 12 on the entrance side, the reader / writer 13 on the exit side, the electronic device 14, the access management server 23 and the like communicating with each other via the LAN 5.

  In the access management processing shown in FIG. 8, steps S11 to S17 are the same as those in the first example of the first embodiment shown in FIG. The access management server 23 transmits the generated password to the entrance side reader / writer 12 in step S15 and then to each electronic device 14 (step S51). The electronic device 14 receives the password from the access management server 23 and sets it as a password for releasing the locked state by the device lock unit 46 (step S52).

  A user who possesses the IC card 3 in which the password is written by the entrance side reader / writer 12 holds the IC card 3 over the reader / writer 15 of the electronic device 14. The password read by the reader / writer 15 from the IC card 3 is sent to the authentication unit 45 of the electronic device 14, and the authentication unit 45 authenticates the password (step S53). Specifically, the authentication unit 45 determines whether or not the password transmitted from the access management server 23 and set in step S52 matches the password read from the user's IC card 3. If they match, the authentication is successful and the device lock unit 46 releases the locked state of the device (step S54). As a result, the user can use the electronic device 14. If the authentication is unsuccessful, the user cannot use the electronic device 14. Further, the electronic device 14 immediately erases the password from the IC card 3 (step S55).

  After finishing the work by the electronic device 14, the user goes to the gate 11 and holds the IC card 3 over the exit side reader / writer 13. The exit side reader / writer 13 unlocks the gate 11. As a result, the user exits the security room 10.

  In the second embodiment, the password for enabling the electronic device 14 is written into the IC card 3 by the entrance side reader / writer 12 at the time of entering the room, is used for the authentication process in the electronic device 14, and then immediately IC It is erased from the card 3. Therefore, the password is never brought out of the security room 10. Further, basically, the user cannot view or copy the password itself in the state where the password is written in the IC card 3, so that the user cannot take it out by another storage medium or memo. Therefore, the security of the electronic device 14 is ensured.

  In the second embodiment, the password of the IC card 3 has already been erased when the user finishes operating the electronic device 14. Therefore, it is not necessary to make the gate 11 a tailgate prevention gate. Further, since the exit side reader / writer 13 does not have the function of deleting the password, the exit side reader / writer 13 can be omitted. That is, it is possible to eliminate the need for authentication when the user leaves the room. As a result, the cost of the entire system can be reduced.

(Application example of password)
Next, an application example of the password will be described. FIG. 9 shows the configuration of an access management system using an application example of a password. Although the basic configuration is similar to that of the access management system shown in FIG. 1, it is assumed that three electronic devices 14 of electronic devices A to C are installed in the security room 10. In the above embodiment, the same password is basically used for the plurality of electronic devices 14 installed in the security room 10. However, there are cases where it is desired to use a different password for each electronic device 14. In such a case, it is troublesome to generate different passwords for the number of electronic devices 14 existing in the security room 10 and write them into the IC card 3, and generally, the storage capacity of the IC card 3 is so large. It may not be feasible because it does not exist.

  Therefore, as shown in FIG. 10, the password is composed of a combination of a header and a password stored in the IC card 3 (hereinafter, also referred to as “password body”). Hereinafter, the password configured in this way is referred to as a "composite password". Here, the header portion is prepared for each electronic device. For example, when there are electronic devices A to C, the header used for the electronic device A is “A1”, the header used for the electronic device B is “B1”, and the header is used for the electronic device C. The header to be displayed is “C1”. In this case, the combined password used for the electronic device A is “A1abcd”, which is a combination of the header portion “A1” and the password text (that is, the password stored in the IC card 3) “abcd”. .. The composite password can be similarly generated for the electronic devices B and C. By doing so, even if there is only one password stored in the IC card 3, it is possible to use a different composite password for each electronic device.

  In actual control, the access management server 23 predetermines a header for each electronic device installed in the security room 10 and notifies each electronic device of the header. For example, in the example of FIG. 10, the access management server 23 notifies the electronic device A to use the header “A1” for the electronic device A.

  When the user enters the security room 10, the access management server 23 generates a password if the ID information of the user transmitted from the entrance reader / writer 12 is successfully authenticated. At this time, the password generation unit 34 of the access management server 23 first determines the password body, that is, the password to be stored in the IC card 3, and the access management server 23 transmits the password body to the entrance side reader / writer 15. Thus, when the user enters the room, the password text is written in the IC card 3 of the user.

  Next, the password generation unit 34 synthesizes the header and the password text that are predetermined for each electronic device to generate a synthesized password that is different for each electronic device, as shown in FIG. Then, the access management server 23 notifies each electronic device 14 of the generated combined password and sets it in the electronic device 14. In the case of the electronic device A, the access management server 23 generates a combined password “A1abcd”, notifies the electronic device A and sets it.

  Now, the user who has the IC card 3 in which the password text is written holds the IC card 3 over the reader / writer 15 in order to use the electronic device 14. Now, assuming that the user uses the electronic device A, the electronic device A adds the header "A1" of the electronic device A to the password text ("abcd") read from the IC card 3 and synthesizes it. The password "A1abcd" is generated. The electronic device A collates the synthetic password generated in this way with the synthetic password set in advance by the notification from the access management server 23. If the two match, the authentication is considered successful and the electronic device A can be used.

  As described above, by using the combined password, even if there is only one password text stored in the IC card 3, it is possible to perform authentication using a different combined password for each of the plurality of electronic devices 14.

  When the electronic device is a PC or the like, a plurality of applications may be installed in one electronic device. In this case, the access management server 23 may set different headers for each application, and notify the electronic device of the headers and combined passwords of all the applications installed in the electronic device. For example, when the application A and the application X are installed in the electronic device A, the access management server 23 sets the header “A1” for the application A, the combined password “A1abcd”, and the header “X1” for the application X. The electronic device A may be notified of the combined password “X1abcd”. Accordingly, when a plurality of applications are installed in one electronic device, it is possible to perform authentication by using a different synthetic password for each application.

  In the above example, the header is simply added to the password body to generate the composite password, but the method of generating the composite password is not limited to this. For example, you can combine the letters and numbers that make up the header with the letters and numbers that make up the password body in a more complex order, or calculate the numbers that make up the header and the numbers that make up the password body in a certain way. A synthetic password may be generated.

(Password input application)
In the above example, in each electronic device 14, a header is added to the password text read from the IC card 3 to generate a composite password, which is automatically input to the application operating on the electronic device 14. That is, when the user holds the IC card 3 over the reader / writer 15, a header is added to the password text read by the electronic device 14 from the IC card 3 to generate a composite password, and the generated password is internally stored. Automatically input information for unlocking electronic devices and login information for applications using software.

  Instead, a password input application that generates a composite password in the electronic device and executes the process of setting the login information of the application is prepared as a resident application in the electronic device, and the electronic device is unlocked by the user's operation. May be input as information for login or login information for the application. An example of an operation screen by such a password input application is shown in FIG.

  FIG. 11 is an example of a display screen when the electronic device A is a PC, and the icon 53 of the password input application which is a resident application is displayed. In addition to the application A, the electronic device A has applications X and Y installed. In this case, the electronic device A has headers (for example, “A1”, “X1”, and “Y1”) for the applications A, X, and Y set therein.

  When the user holds the IC card 3 over the reader / writer 15, the password input application is activated on the PC, which is an electronic device, and the icon 53 is displayed. When the user activates the application A and the application X operating on the electronic device A, the login window 51 of the application A and the login window 52 of the application X are displayed.

  When logging in to the application A, the user first manually inputs his / her ID information in the ID field in the login window 51 of the application A.

  Next, when the user clicks the password input application icon 53, a password input application window 54 is displayed. In this window 54, icons 55a, 55x, 55y corresponding to the applications A, X, Y installed in the electronic device A are displayed. Since the user uses the application A, the user drags the icon 55a corresponding to the application A and drops it in the password field of the window 51 of the application A. As a result, the password input application generates a combined password "A1abcd" that combines the header "A1" of the application A and the password text "abcd" read from the IC card 3, and uses it as the password of the login information of the application A. input. In this way, by installing the password input application as a resident application in the electronic device, it is possible to log in by inputting the composite password to each application by the operation of the user. When the user wants to log in to the application X, similarly, the user manually enters his or her ID information in the ID field of the login window 52 of the application X, and the icon 55x of the application X in the window 54 is set as the password of the login window 52. Just drag and drop into the field.

  In addition, in the example of FIG. 11, one resident application corresponding to all the applications is prepared, but an individual application may be activated for each application. That is, in the example of FIG. 11, when the application A is activated, the window 54 including only the icon 55a corresponding to the application A is displayed, and when the application X is activated, the window 54 including only the icon 55x corresponding to the application X is displayed. May be displayed.

  In this example, instead of automatically inputting the ID information in the login window 51 of the application A from the IC card 3 as described above, the user manually inputs the ID information. In this way, for example, even if the user loses the IC card 3 and another person who picks up the IC card 3 enters the security room 10 and tries to operate the electronic device A or the application A, that person will not Since the ID information is not known and the user cannot manually input the ID information, the application A cannot be logged in. That is, it is possible to prevent a third party who illegally obtains another person's IC card from impersonating that person and operating the electronic device 14 in the security room 10.

[Modification]
Although a password is used as the access permission information in the above embodiment, the access permission information in the present invention is not limited to the password. For example, attributes such as the post of the user may be used as the access permission information.

  In the above embodiment, the IC card 3 is used as a storage medium possessed by the user, but the storage medium in the present invention is not limited to the IC card, and data can be written and read in a contactless manner such as an IC tag. Various media can be used.

  In the above embodiment, the gate 11, the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14 installed in the security room 10, the DB management server 22 and the access management server installed in the server room 20. However, the LAN for the electronic device to access the database 21 and the LAN for access management may be independently configured. That is, in addition to the LAN connecting the electronic device 14 and the DB management server 22, for access management connecting the access management server 23, the gate 11, the entrance side reader / writer 12, the exit side reader / writer 13, and the electronic device 14. LAN may be provided.

10 Security Room 11 Gate 12 Reader / Writer for Entrance 13 Reader / Writer for Exit 14 Electronic Equipment 15 Reader / Writer 20 Server Room 21 Database 22 DB Management Server

Claims (6)

A gate control device that unlocks a gate provided in a room when a user enters the room and stores access permission information in a storage medium of the user,
An electronic device which is installed in the room, reads access permission information from the storage medium, and operates using the read access permission information;
An access management device that generates the access permission information and supplies the access control information to the gate control device;
Erasing means for erasing the access permission information from the storage medium before the user leaves the room,
Equipped with
The electronic device is connected to a database,
At least some of the data stored in the database is encrypted,
The access management system , wherein the electronic device uses the access permission information to decrypt encrypted data .   The access according to claim 1, wherein the erasing unit is provided in the gate control device and erases the access permission information from the storage medium when the user leaves the room. Management system.   The erasing means is provided in the electronic device, and erases the access permission information from the storage medium after the electronic device reads the access permission information from the storage medium. Access control system described.   The electronic device is normally in a locked state, and the locked state is released by the input of the access permission information to be in a usable state. Access control system described. A gate control device that unlocks a gate provided in a room when a user enters the room and stores access permission information in a storage medium of the user,
An electronic device which is installed in the room, reads access permission information from the storage medium, and operates using the read access permission information;
An access management device that generates the access permission information and supplies the access control information to the gate control device;
Erasing means for erasing the access permission information from the storage medium before the user leaves the room,
Equipped with
The gate control device,
When the user enters the room, a transmission unit that reads identification information from the storage medium and transmits the identification information to the access management device,
A receiving unit that receives the access permission information and the unlocking instruction from the access management device,
A control unit that stores the access permission information in the storage medium and unlocks the gate based on the unlocking instruction;
Equipped with
The access management device,
An authentication unit that authenticates the user based on the identification information received from the gate control device;
A generation unit that generates access permission information for the user when the authentication is successful;
A transmission unit for transmitting the generated access permission information and unlocking instruction to the gate control device;
Equipped with
A plurality of the electronic devices are installed in the room,
The access management device transmits combined access permission information generated by combining the unique information determined for each electronic device and the access permission information generated by the generation unit, to each of the plurality of electronic devices. Then
Each of the electronic devices is
A storage unit that stores the combined access permission information transmitted from the access management device as first combined access permission information;
When the second combined access permission information is generated based on the access permission information read from the storage medium and the unique information corresponding to itself, and the second combined access permission information matches the first combined access permission information And a control unit to release the locked state,
Access control system, characterized in that it comprises a. A gate control device that unlocks a gate provided in a room when a user enters the room and stores access permission information in a storage medium of the user,
An electronic device which is installed in the room, reads access permission information from the storage medium, and operates using the read access permission information;
An access management device that generates the access permission information and supplies the access control information to the gate control device;
Erasing means for erasing the access permission information from the storage medium before the user leaves the room,
Equipped with
The gate control device,
When the user enters the room, a transmission unit that reads identification information from the storage medium and transmits the identification information to the access management device,
A receiving unit that receives the access permission information and the unlocking instruction from the access management device,
A control unit that stores the access permission information in the storage medium and unlocks the gate based on the unlocking instruction;
Equipped with
The access management device,
An authentication unit that authenticates the user based on the identification information received from the gate control device;
A generation unit that generates access permission information for the user when the authentication is successful;
A transmission unit for transmitting the generated access permission information and unlocking instruction to the gate control device;
Equipped with
One or more applications are installed on the electronic device,
The access management device transmits, to the electronic device, combined access permission information generated by combining the unique information determined for each application and the access permission information generated by the generation unit,
The electronic device is
A storage unit that stores the combined access permission information transmitted from the access management device as first combined access permission information;
When the second combined access permission information is generated based on the access permission information read from the storage medium and the unique information corresponding to itself, and the second combined access permission information matches the first combined access permission information And a control unit that enables the application,
An access control system comprising: