JP6844673B2 - Electronic devices and access control programs - Google Patents

Description

The present invention relates to a method for controlling access to confidential data and devices in a security room.

Conventionally, confidential data such as personal information that can be accessed in the security room has been encrypted by a database management system. For example, Patent Document 1 discloses a database encryption system in which a user system connected to a database management system via a network determines whether or not encryption is necessary. Further, Patent Document 2 discloses a technique of restricting the viewing of an encrypted file taken out to an external storage device portable from a management server to only the user who brought out the file by biometric authentication.

Japanese Patent No. 5344109 Japanese Patent No. 5331736

However, a user registered in the system as a person with legitimate user authority can decrypt and access even encrypted confidential data, so an individual may be committed by an internal crime by a convinced criminal. Confidential data such as information may be taken out.

An object of the present invention is to prevent a person who has the authority to access confidential data in the security room from taking out the confidential data to the outside, and to control access to the device installed in the security room.

From one aspect of the present invention, the access control system is a gate control device that unlocks the gate provided in the room when the user enters the room and stores the access permission information in the user's storage medium. An electronic device installed in the room that reads access permission information from the storage medium and operates using the read access permission information, and an access management device that generates the access permission information and supplies it to the gate control device. And an erasing means for erasing the access permission information from the storage medium by the time the user leaves the room.

In the above access management system, the access management device generates access permission information for the user and transmits it to the gate control device. The gate control device unlocks the gate provided in the room and writes the access permission information in the user's storage medium. When the user holds the storage medium over the electronic device installed in the room, the electronic device reads the access permission information from the storage medium and operates by using the access permission information. The access permission information stored in the user's storage medium is deleted by the time the user leaves the room. Therefore, after leaving the room, the access permission information is not stored in the user's storage medium, and the use of the electronic device is restricted to the inside of the room.

In one aspect of the access management system, the erasing means is provided in the gate control device and erases the access permission information from the storage medium when the user leaves the room. In this aspect, since the access permission information is erased from the storage medium when the user leaves the room, a plurality of electronic devices can be used while in the room.

In another aspect of the access management system, the erasing means is provided in the electronic device, and after the electronic device reads the access permission information from the storage medium, the access permission information is read from the storage medium. Erase. In this embodiment, since the access permission information is erased from the storage medium when the user uses the electronic device, it is not necessary to provide the gate with a function for erasing the access permission information, and the gate is used as a tailgating prevention gate. You don't even have to.

In another aspect of the access control system, the electronic device is connected to a database, at least a portion of the data stored in the database is encrypted, and the electronic device has the access permission. The information is used to decrypt the encrypted data. In this aspect, the user can decrypt, view, and use the encrypted data by the access permission information stored in the storage medium while in the room. On the other hand, after the user leaves the room, the access permission information is not stored in the storage medium. Therefore, for example, even if the decrypted data is taken out of the room, the data is decrypted and viewed. Can not do it. This prevents the data from being taken out.

In another aspect of the access management system, the electronic device is normally in a locked state, and the locked state is released by inputting the access permission information to be in a usable state. As a result, only the user who has entered the room can use the electronic device.

In another aspect of the access control system, the gate control device includes a transmission unit that reads identification information from the storage medium and transmits the identification information to the access control device when a user enters the room. A receiving unit that receives the access permission information and the unlocking instruction from the access control device, and a control unit that stores the access permission information in the storage medium and unlocks the gate based on the unlocking instruction. The access management device includes an authentication unit that authenticates the user based on the identification information received from the gate control device, and a generation unit that generates access permission information for the user when the authentication is successful. And a transmission unit that transmits the generated access permission information and unlocking instruction to the gate control device. As a result, only the user who has the proper authority to enter the room can acquire the access permission information and use the electronic device.

In another aspect of the access control system, a plurality of the electronic devices are installed in the room, and the access control device uses the unique information determined for each electronic device and the generation unit. The synthetic access permission information generated by synthesizing the generated access permission information is transmitted to each of the plurality of electronic devices, and each of the electronic devices receives the synthetic access permission information transmitted from the access management device. The second synthetic access permission information is generated based on the storage unit that stores the first synthetic access permission information, the access permission information read from the storage medium, and the unique information corresponding to itself, and the second synthetic access. It includes a control unit that releases the locked state when the permission information matches the first synthetic access permission information.

In this aspect, since the synthetic access permission information generated by synthesizing the unique information determined for each electronic device and the access permission information stored in the storage medium is used, the access permission information stored in the storage medium is used. Even if there is only one, access management can be performed by using synthetic access permission information that is different for each electronic device.

In another aspect of the access management system, one or more applications are installed in the electronic device, and the access management device is provided with unique information determined for each application and the generation unit. The synthetic access permission information generated by synthesizing the generated access permission information is transmitted to the electronic device, and the electronic device transmits the synthetic access permission information transmitted from the access management device to the first synthetic access permission. The second synthetic access permission information is generated based on the storage unit that stores the information, the access permission information read from the storage medium, and the unique information corresponding to itself, and the second synthetic access permission information is the first. A control unit that enables the application to be used when the information matches the synthetic access permission information is provided.

In this aspect, since the synthetic access permission information generated by synthesizing the unique information determined for each application and the access permission information stored in the storage medium is used, the access permission information stored in the storage medium is used. Even if there is only one, access management can be performed by using synthetic access permission information that is different for each application.

In another aspect of the present invention, the electronic device capable of communicating with the access control device synthesizes the unique information determined for each of the electronic device or the application installed in the electronic device, and the unique information and the access permission information. The storage means for receiving and storing the first synthetic access permission information generated in the above-mentioned access management device, the access permission information read from the storage medium, and the unique information stored in the storage means are combined. The generation means for generating the second synthetic access permission information, and the control means for enabling the electronic device or the application when the first synthetic access permission information and the second synthetic access permission information match. It is characterized by having.

The electronic device receives the unique information determined for each electronic device or application and the first synthetic access permission information obtained by synthesizing the unique information and the access permission information from the access management device. In addition, the access permission information is read from the user's storage medium and combined with the unique information to generate the second synthetic access information. Then, when the first synthetic access permission information and the second synthetic access permission information match, the electronic device or application can be used. As a result, even when only one access permission information is stored in the storage medium, access can be managed by using synthetic access permission information that is different for each of a plurality of electronic devices or applications.

In another aspect of the present invention, the access control program executed by an electronic device including a computer and capable of communicating with the access control device is the unique information determined for each of the electronic devices or applications installed in the electronic devices. , The storage means for receiving and storing the first synthetic access permission information generated by synthesizing the unique information and the access permission information from the access management device, the access permission information read from the storage medium, and the storage means. A generation means for generating the second synthetic access permission information by synthesizing the unique information stored in the electronic device, or the electronic device or the electronic device when the first synthetic access permission information and the second synthetic access permission information match. The computer is made to function as a control means for enabling the application. By executing this access control program on a computer, the above access control can be realized.

It is a block diagram which shows the structure of the access management system which concerns on embodiment. It is a block diagram which shows the functional structure of an access management server. It is a block diagram which shows the functional structure of the electronic device in 1st Embodiment. It is a flowchart of access management processing of 1st Embodiment. It is a flowchart of another access management process of 1st Embodiment. It is a block diagram which shows the functional structure of the electronic device in 2nd Embodiment. It is a flowchart of access management processing of 2nd Embodiment. It is a flowchart of another access management process of 2nd Embodiment. An example of an access management system when using a synthetic password is shown. It is a figure explaining the synthetic password. This is an example of a display screen showing the operation of the password input application.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[First Embodiment]
FIG. 1 shows the configuration of the access control system according to the first embodiment of the present invention. As shown in the figure, the access management system includes a security room 10 and a server room 20. The security room 10 includes a gate 11, an entrance side reader / writer 12, an exit side reader / writer 13, a plurality of electronic devices 14, and a reader / writer 15 installed for each electronic device 14. On the other hand, in the server room 20, a database (hereinafter, also referred to as “DB”) 21, a DB management server 22, and an access management server 23 are installed. The gate 11, the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14, and the DB management server 22 and the access management server 23 in the server room 20 are the premises LAN (hereinafter, simply referred to as simply). It is called "LAN".) It is connected so that it can communicate through 5.

The security room 10 is a room in which only users having a certain authority are allowed to enter the room, and a plurality of electronic devices 14 are installed inside the security room 10. A gate 11 is provided at the entrance of the security room 10. The gate 11 is normally locked and is unlocked when the user enters or leaves the room. An inlet side reader / writer 12 and an exit side reader / writer 13 are provided in the vicinity of the gate 11.

Users such as employees have an IC card 3 which is their own portable information storage medium. The IC card 3 is a non-contact IC card, and is actually an employee ID card, a student ID card, an ID card, or the like. The user's ID information is stored in the IC card 3. Examples of ID information are employee numbers, student numbers, and the like.

When entering the security room 10, the user holds the IC card 3 over the entrance side reader / writer 12. If the user is allowed to enter the room, the gate 11 is unlocked and the user can enter the room. Further, when the user in the security room 10 holds the IC card 3 over the exit side reader / writer 13 when leaving the room, the gate 11 is unlocked and the user can leave the room.

The electronic device 14 installed in the security room 10 is a terminal device such as a PC for accessing the database 21 in the server room 20.

On the other hand, various data are stored in the database 21 in the server room 20. At least a part of the data stored in the database 21 is confidential data such as personal information, and the confidential data is stored in a state of being encrypted by a predetermined encryption method. The DB management server 22 manages the input / output of data from the database 21 when the user in the security room 10 operates the electronic device 14 to access the database 21.

The access control server 23 manages the entry and exit of the user into the security room 10 and the use of the electronic device 14 in the security room 10. FIG. 2 shows the functional configuration of the access management server 23. The access management server 23 includes a communication unit 31, an authentication unit 32, a user DB 33, and a password generation unit 34.

The communication unit 31 communicates with various devices and devices via the LAN 5. The user DB 33 stores, for a plurality of users such as employees, attribute information such as the user's name and job title, ID information of the user, and whether or not there is an authority to enter the security room 10. The authentication unit 32 authenticates with reference to the user DB 33 based on the user's ID information. Specifically, the authentication unit 32 determines whether or not to allow the user to enter the security room 10.

The password generation unit 34 uses the electronic device 14 in the security room 10 to access the confidential data in the database 21 for the user who is admitted to the security room 10 as a result of the authentication by the authentication unit 32. Generate the password required to do so. This password is the information required to decrypt the encrypted confidential data. Specifically, when the confidential data in the database 21 is encrypted using a common encryption key, the password generated by the password generation unit 34 is the key information for decrypting the encrypted confidential data. Become. Further, when the confidential data is restricted from being viewed by a common password, the password generated by the password generation unit 34 is a password for releasing the restriction on viewing. This password is an example of the access permission information of the present invention.

FIG. 3 shows the functional configuration of the electronic device 14 set in the security room 10. In the present embodiment, the electronic device 14 is a PC for accessing the database 21.

As shown in FIG. 3, the electronic device 14 includes a communication unit 41, a password input unit 42, and a DB application 43. The communication unit 41 performs necessary communication with the access management server 23, the DB management server 22, and the like through the LAN 5. The DB application 43 is an application that operates on the electronic device 14 that is a PC and browses and uses the data stored in the database 21 in the server room 20.

The password input unit 42 temporarily stores the password given by the access control server 23 internally, and automatically inputs the password into the electronic device 14. Specifically, the password input unit 42 automatically inputs a password to the DB application 43. As described above, among the data stored in the database 21, the confidential data is encrypted. Therefore, when the user accesses the confidential data, the DB application 43 decrypts and displays the encrypted confidential data using the password entered by the password input unit 42. As a result, the user can browse and use the encrypted confidential data in the database 21.

(First Example)
Next, a first embodiment of the access management process according to the first embodiment will be described. FIG. 4 is a flowchart of the access management process according to the first embodiment. This process is executed by the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14, the access management server 23, and the like communicating with each other through the LAN 5.

First, when the user holds the IC card 3 over the entrance side reader / writer 12, the entrance side reader / writer 12 reads the ID information from the IC card 3 (step S11) and transmits it to the access management server 23 (step S12). .. The access management server 23 refers to the user DB 33 and authenticates (step S13). That is, the access management server 23 determines whether or not the user corresponding to the ID information has the authority to enter the room. If the user does not have the authority to enter the room, the process ends. Therefore, the gate 11 does not open and the user cannot enter the security room 10.

On the other hand, if the authentication is successful, the access management server 23 generates a password (step S14), and transmits this password and the unlock instruction of the gate 11 to the entrance side reader / writer 12 (step S15).

The entrance side reader / writer 12 writes the received password on the user's IC card 3 (step S16) and unlocks the gate 11 (step S17). As a result, the user can enter the security room 10.

After that, when using the electronic device 14 such as a PC, the user holds the IC card 3 over the reader / writer 15. The reader / writer 15 reads the password from the IC card 3 and automatically inputs the password into the DB application 43 in the electronic device 14 (step S18). As described above, in the first embodiment, the password is the information necessary for decrypting the confidential data in the database 21. Therefore, when the user operates the DB application 43 and accesses the confidential data in the database 21, the DB application 43 decrypts and displays the confidential data using the entered password (step S19). In this way, the user can browse and use the confidential data stored in the database 21 in the security room 10.

When the work is completed, the user finishes the operation of the electronic device 14, proceeds to the gate 11, and holds the IC card 3 over the exit side reader / writer 13. At this time, the exit-side reader / writer 13 erases the password stored in the IC card 3 (step S20), and then unlocks the gate 11 (step S21). In this way, the user can leave the security room 10.

As described above, in the first embodiment, the password required for decrypting the confidential data in the database 21 is erased from the IC card 3 when the user leaves the security room 10. Therefore, even if the user operates the electronic device 14 to access the confidential data, saves it in a USB memory or other storage medium, and takes it out of the security room 10, the confidential data taken out is encrypted. It cannot be decrypted. Therefore, even if a user who has a legitimate use authority commits an internal crime of taking out confidential data as a convinced criminal, it is possible to prevent information leakage of the confidential data.

In the first embodiment, when the user leaves the security room 10, the password is erased when the IC card 3 is held over the exit side reader / writer 13 to unlock the gate 11. Therefore, if the user leaves the IC card 3 following another user by so-called tailgating without holding the IC card 3 over the exit reader / writer 13, the password in the IC card 3 cannot be erased. Therefore, in the first embodiment, it is preferable that the gate 11 is a tailgating prevention gate, that is, a gate that only one person can pass through.

(Second Example)
Next, a second embodiment of the access control process according to the first embodiment will be described. FIG. 5 is a flowchart of the access management process according to the second embodiment. This process is executed by the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14, the access management server 23, and the like communicating with each other through the LAN 5.

The access control process of the second embodiment is the same as that of the first embodiment shown in FIG. 4 in steps S11 to S17, and thus the description thereof will be omitted. When the user enters the security room 10 and holds the IC card 3 over the reader / writer 15 of the electronic device 14, the reader / writer 15 reads the password from the IC card 3, and the electronic device 14 reads the read password into the DB application 43. (Step S31) and immediately erase the password from the IC card 3 (step S32). Instead, the electronic device 14 may erase the password from the IC card 3 immediately after reading the password, or the electronic device 14 may delete the password from the IC card 3 immediately after successfully logging in to the electronic device 14 using the password. You may erase the password.

After that, when the user operates the DB application 43 and accesses the confidential data in the database 21, the DB application 43 decrypts and displays the confidential data using the entered password (step S33). In this way, the user can browse and use the confidential data stored in the database 21 in the security room 10.

When the work is completed, the user finishes the operation of the electronic device 14, proceeds to the gate 11, and holds the IC card 3 over the exit side reader / writer 13. The exit-side reader / writer 13 unlocks the gate 11 (step S34). In this way, the user can leave the security room 10.

As described above, in the second embodiment, the password required for decrypting the confidential data in the database 21 is erased from the IC card 3 immediately after being input to the electronic device 14. Therefore, even if the user operates the electronic device 14 to access the confidential data, saves it in a USB memory or other storage medium, and takes it out of the security room 10, the confidential data taken out is encrypted. It cannot be decrypted. Therefore, even if a user who has a legitimate use authority commits an internal crime of taking out confidential data as a convinced criminal, it is possible to prevent information leakage of the confidential data.

In the second embodiment, when the user finishes the operation of the electronic device 14, the password of the IC card 3 has already been erased. Therefore, it is not necessary to use the gate 11 as a tailgating prevention gate. Further, the exit side reader / writer 13 does not have a function of erasing the password, and the exit side reader / writer 13 can be omitted. That is, it is possible to eliminate the need for authentication when the user leaves the room. As a result, the cost of the entire system can be reduced.

[Second Embodiment]
The overall configuration of the access management system of the second embodiment is the same as that of the first embodiment shown in FIG. Further, the functional configuration of the access management server 23 is the same as that of the first embodiment shown in FIG.

In the second embodiment, it is assumed that the electronic device 14 in the security room 10 is a device that does not access the database 21. Specifically, the electronic device 14 includes various types of electronic devices such as security lockers, printers, fax machines, and multifunction devices, in addition to terminal devices such as PCs.

FIG. 6 shows the functional configuration of the electronic device 14 in the second embodiment. As shown in the figure, the electronic device 14 includes a communication unit 41, an authentication unit 45, and a device lock unit 46. The communication unit 41 performs necessary communication with the access management server 23, the DB management server 22, and the like through the LAN 5. The authentication unit 45 performs an authentication process for determining whether or not the user has the authority to use the electronic device 14 based on the password stored in the user's IC card. The device lock unit 46 normally keeps the electronic device 14 in a locked state, and when the authentication unit 45 succeeds in authentication, the device lock unit 46 unlocks the electronic device 14 so that it can be used.

In the second embodiment, the password generation unit 34 of the access management server 23 provides the electronic device 14 in the security room 10 to the user who is admitted to the security room 10 as a result of the authentication by the authentication unit 32. Generate the password required for use. This password is an example of the access permission information of the present invention. The password generation unit 34 may always generate the same password for one user, or may generate a different password each time. Further, a password with an expiration date may be used, such as a so-called one-time password.

(First Example)
Next, a first embodiment of the access management process according to the second embodiment will be described. FIG. 7 is a flowchart of the access management process according to the first embodiment. This process is executed by the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14, the access management server 23, and the like communicating with each other through the LAN 5.

In the access control process shown in FIG. 7, steps S11 to S17 are the same as those of the first embodiment of the first embodiment shown in FIG. 4, and thus the description thereof will be omitted. The access management server 23 transmits the generated password to the entrance side reader / writer 12 in step S15, and then transmits the generated password to each electronic device 14 (step S41). The electronic device 14 receives the password from the access management server 23 and sets it as a password for releasing the lock state by the device lock unit 46 (step S42).

A user who has an IC card 3 on which a password is written by an entrance side reader / writer 12 holds the IC card 3 over the reader / writer 15 of the electronic device 14. The password read by the reader / writer 15 from the IC card 3 is sent to the authentication unit 45 of the electronic device 14, and the authentication unit 45 authenticates the password (step S43). Specifically, the authentication unit 45 determines whether or not the password transmitted from the access management server 23 and set in step S42 matches the password read from the user's IC card 3. If both match, the authentication is successful, and the device lock unit 46 releases the lock state of the device (step S44). As a result, the user can use the electronic device 14. If the authentication is unsuccessful, the lock state of the device is not released and the user cannot use the electronic device 14.

When the work by the electronic device 14 is completed, the user proceeds to the gate 11 and holds the IC card 3 over the exit side reader / writer 13. The exit-side reader / writer 13 erases the password from the IC card 3 (step S45) and unlocks the gate 11 (step S46). As a result, the user leaves the security room 10.

In the first embodiment, the password for enabling the electronic device 14 is written on the IC card 3 by the entrance side reader / writer 12 when entering the room, and erased from the IC card 3 by the exit side reader / writer 13 when leaving the room. To. Therefore, the password is not taken out of the security room 10. Further, basically, since the user cannot view or copy the password itself in the state of being written on the IC card 3, the user cannot take it out by other storage media or memos. Therefore, the security of the electronic device 14 is ensured.

In the first embodiment, when the user leaves the security room 10, the password is erased when the IC card 3 is held over the exit side reader / writer 13. Therefore, if the user leaves the IC card 3 following another user by so-called tailgating without holding the IC card 3 over the exit reader / writer 13, the password in the IC card 3 cannot be erased. Therefore, in the first embodiment, it is preferable that the gate 11 is a tailgating prevention gate, that is, a gate that only one person can pass through.

(Second Example)
Next, a second embodiment of the access management process according to the second embodiment will be described. FIG. 8 is a flowchart of the access management process according to the second embodiment. This process is executed by the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14, the access management server 23, and the like communicating with each other through the LAN 5.

In the access control process shown in FIG. 8, steps S11 to S17 are the same as those of the first embodiment of the first embodiment shown in FIG. 4, and thus the description thereof will be omitted. The access management server 23 transmits the generated password to the entrance side reader / writer 12 in step S15, and then transmits the generated password to each electronic device 14 (step S51). The electronic device 14 receives the password from the access management server 23 and sets it as a password for releasing the lock state by the device lock unit 46 (step S52).

A user who has an IC card 3 on which a password is written by an entrance side reader / writer 12 holds the IC card 3 over the reader / writer 15 of the electronic device 14. The password read by the reader / writer 15 from the IC card 3 is sent to the authentication unit 45 of the electronic device 14, and the authentication unit 45 authenticates the password (step S53). Specifically, the authentication unit 45 determines whether or not the password transmitted from the access management server 23 and set in step S52 matches the password read from the user's IC card 3. If both match, the authentication is successful, and the device lock unit 46 releases the lock state of the device (step S54). As a result, the user can use the electronic device 14. If the authentication is unsuccessful, the user cannot use the electronic device 14. Further, the electronic device 14 immediately erases the password from the IC card 3 (step S55).

When the work by the electronic device 14 is completed, the user proceeds to the gate 11 and holds the IC card 3 over the exit side reader / writer 13. The exit-side reader / writer 13 unlocks the gate 11. As a result, the user leaves the security room 10.

In the second embodiment, the password for enabling the electronic device 14 is written on the IC card 3 by the entrance side reader / writer 12 at the time of entering the room, and is used for the authentication process by the electronic device 14 immediately after the IC. It is erased from the card 3. Therefore, the password is not taken out of the security room 10. Further, basically, since the user cannot view or copy the password itself in the state of being written on the IC card 3, the user cannot take it out by other storage media or memos. Therefore, the security of the electronic device 14 is ensured.

In the second embodiment, when the user finishes the operation of the electronic device 14, the password of the IC card 3 has already been erased. Therefore, it is not necessary to use the gate 11 as a tailgating prevention gate. Further, since the exit side reader / writer 13 does not have a function of erasing the password, the exit side reader / writer 13 can be omitted. That is, it is possible to eliminate the need for authentication when the user leaves the room. As a result, the cost of the entire system can be reduced.

(Application example of password)
Next, an application example of the password will be described. FIG. 9 shows the configuration of an access management system that uses an application example of a password. The basic configuration is the same as the access control system shown in FIG. 1, but it is assumed that three electronic devices 14 of electronic devices A to C are installed in the security room 10. In the above embodiment, basically the same password is used for a plurality of electronic devices 14 installed in the security room 10. However, there are cases where it is desired to use a different password for each electronic device 14. In such a case, it is complicated to generate passwords different by the number of electronic devices 14 existing in the security room 10 and write them to the IC card 3, and the storage capacity of the IC card 3 is generally so large. Since there is no such thing, it may not be possible in reality.

Therefore, as shown in FIG. 10, the password is composed of a combination of a header and a password stored in the IC card 3 (hereinafter, also referred to as “password body”). Hereinafter, the password configured in this way is referred to as a "synthetic password". Here, the header part is prepared for each electronic device. For example, when there are electronic devices A to C, the header used for the electronic device A is set to "A1", the header used for the electronic device B is set to "B1", and the header used for the electronic device C is used. The header to be created is "C1". In this case, the synthetic password used for the electronic device A is "A1abcd", which is a combination of the header portion "A1" and the password body (that is, the password stored in the IC card 3) "abcd". .. Similarly, a synthetic password can be generated for the electronic device B and the electronic device C. In this way, even if only one password is stored in the IC card 3, it is possible to use a different synthetic password for each electronic device.

In the actual control, the access control server 23 determines a header for each electronic device installed in the security room 10 in advance, and notifies each electronic device of the header. For example, in the example of FIG. 10, the access control server 23 notifies the electronic device A to use the header "A1" for the electronic device A.

When the user enters the security room 10, the access management server 23 generates a password when the user's ID information transmitted from the entrance side reader / writer 12 is successfully authenticated. At this time, the password generation unit 34 of the access management server 23 first determines the password text, that is, the password to be stored in the IC card 3, and the access management server 23 transmits the password text to the entrance side reader / writer 15. As a result, the password text is written on the user's IC card 3 when the user enters the room.

Next, the password generation unit 34 synthesizes a header determined in advance for each electronic device and a password body, and generates a different synthetic password for each electronic device as shown in FIG. Then, the access management server 23 notifies each electronic device 14 of the generated synthetic password and causes the electronic device 14 to set the password. In the case of the electronic device A, the access control server 23 generates a synthetic password "A1abcd" and notifies the electronic device A to set it.

By the way, the user who has the IC card 3 in which the password body is written holds the IC card 3 over the reader / writer 15 in order to use the electronic device 14. Assuming that the user uses the electronic device A, the electronic device A synthesizes the password text (“abcd”) read from the IC card 3 by adding the header “A1” of the electronic device A. Generate the password "A1abcd". The electronic device A collates the synthetic password generated in this way with the synthetic password set in advance by the notification from the access management server 23. If the two match, the authentication is considered successful and the electronic device A can be used.

By using the synthetic password in this way, even if only one password body is stored in the IC card 3, it is possible to perform authentication using a different synthetic password for each of the plurality of electronic devices 14.

By the way, when the electronic device is a PC or the like, a plurality of applications may be installed in one electronic device. In this case, the access control server 23 may set different headers for each application and notify the electronic device of the headers and synthetic passwords for all the applications installed in the electronic device. For example, when the application A and the application X are installed in the electronic device A, the access management server 23 has a header "A1" for the application A, a synthetic password "A1abcd", and a header "X1" for the application X. The synthetic password "X1abcd" may be notified to the electronic device A. As a result, when a plurality of applications are installed in one electronic device, it is possible to authenticate using a synthetic password different for each application.

In the above example, a header is simply added to the password body to generate a synthetic password, but the method for generating the synthetic password is not limited to this. For example, the characters and numbers that make up the header and the letters and numbers that make up the password body can be combined in a more complicated order, or the numbers that make up the header and the numbers that make up the password body can be calculated in a certain way. You may generate a synthetic password.

(Password input application)
In the above example, in each electronic device 14, a header is added to the password body read from the IC card 3 to generate a synthetic password, which is automatically input to the application running on the electronic device 14. That is, when the user holds the IC card 3 over the reader / writer 15, a header is added to the password text read from the IC card 3 by the electronic device 14 to generate a synthetic password, and the generated password is internally stored. Automatically enter information for unlocking electronic devices and application login information using the software of.

Instead, a password input application that generates a synthetic password in the electronic device and executes the process of setting it in the login information of the application is prepared in the electronic device as a resident application, and the electronic device is unlocked by the user's operation. You may also enter information for the application or login information for the application. FIG. 11 shows an example of an operation screen by such a password input application.

FIG. 11 is an example of a display screen when the electronic device A is a PC, and the icon 53 of the password input application, which is a resident application, is displayed. Further, it is assumed that the application X and the application Y are installed in the electronic device A in addition to the application A. In this case, the electronic device A is set with headers (for example, "A1", "X1", "Y1") for applications A, X, and Y.

When the user holds the IC card 3 over the reader / writer 15, the password input application is started on the PC, which is an electronic device, and the icon 53 is displayed. Further, when the user starts the application A and the application X running on the electronic device A, the login window 51 of the application A and the login window 52 of the application X are displayed.

When logging in to the application A, the user first manually inputs his / her ID information in the ID field in the login window 51 of the application A.

Next, when the user clicks the password input application icon 53, the password input application window 54 is displayed. In this window 54, the icons 55a, 55x, 55y corresponding to the applications A, X, and Y installed in the electronic device A are displayed. In order to use the application A, the user drags the icon 55a corresponding to the application A and drops it in the password field of the window 51 of the application A. As a result, the password input application generates a synthetic password "A1abcd" that is a combination of the header "A1" of the application A and the password body "abcd" read from the IC card 3, and is used as the password for the login information of the application A. input. By installing the password input application as a resident application in the electronic device in this way, it is possible to input a synthetic password into each application and log in by the user's operation. If the user wants to log in to the application X, similarly, manually enter his / her own ID information in the ID field of the login window 52 of the application X, and enter the icon 55x of the application X in the window 54 as the password of the login window 52. Just drag and drop it into the field.

In the example of FIG. 11, one resident application corresponding to all applications is prepared, but an individual application may be started for each application. That is, in the example of FIG. 11, when the application A is started, the window 54 containing only the icon 55a corresponding to the application A is displayed, and when the application X is started, the window 54 containing only the icon 55x corresponding to the application X is displayed. May be displayed.

In this example, the ID information in the login window 51 of the application A is not automatically input from the IC card 3 as described above, but is manually input by the user. In this way, for example, even if the user loses the IC card 3 and another person who picks up the IC card 3 enters the security room 10 and tries to operate the electronic device A or the application A, the user is the user. You cannot log in to application A because you do not know the ID information and cannot enter it manually. That is, it is possible to prevent a third party who illegally obtains another person's IC card from impersonating that person and operating the electronic device 14 in the security room 10.

[Modification example]
In the above embodiment, the password is used as the access permission information, but the access permission information in the present invention is not limited to the password. For example, attributes such as the user's job title may be used as access permission information.

In the above embodiment, the IC card 3 is used as the storage medium possessed by the user, but the storage medium in the present invention can write and read data in a non-contact manner such as an IC card and an IC tag. Various media can be used.

In the above embodiment, the gate 11, the entrance side reader / writer 12, the exit side reader / writer 13, the electronic device 14, and the DB management server 22 and the access management server installed in the server room 20 are installed in the security room 10. Although the 23 is connected by one LAN 5, the LAN for the electronic device to access the database 21 and the LAN for access management may be independently configured. That is, for access management that connects the access management server 23, the gate 11, the entrance side reader / writer 12, the exit side reader / writer 13, and the electronic device 14 separately from the LAN that connects the electronic device 14 and the DB management server 22. LAN may be provided.

10 Security Room 11 Gate 12 Entrance Reader / Writer 13 Exit Reader / Writer 14 Electronic Equipment 15 Reader / Writer 20 Server Room 21 Database 22 DB Management Server

Claims (2)

An electronic device that can communicate with an access control device
Receives from the access management device the unique information determined for each of the electronic device or the application installed in the electronic device, and the first synthetic access permission information generated by synthesizing the unique information and the access permission information. And the memory means to memorize
A generation means for generating the second synthetic access permission information by synthesizing the access permission information read from the storage medium and the unique information stored in the storage means.
A control means that enables the electronic device or the application to be used when the first synthetic access permission information and the second synthetic access permission information match.
An electronic device characterized by being equipped with. An access control program that is run by an electronic device that has a computer and can communicate with the access control device.
Receives from the access management device the unique information determined for each of the electronic device or the application installed in the electronic device, and the first synthetic access permission information generated by synthesizing the unique information and the access permission information. Memories to remember,
A generation means for generating a second synthetic access permission information by synthesizing the access permission information read from the storage medium and the unique information stored in the storage means.
A control means that enables the electronic device or the application to be used when the first synthetic access permission information and the second synthetic access permission information match.
An access control program characterized in that the computer functions as a computer.

Images