CN1991917A - ID management device, ID management system and ID management method - Google Patents
ID management device, ID management system and ID management method Download PDFInfo
- Publication number
- CN1991917A CN1991917A CN 200610168636 CN200610168636A CN1991917A CN 1991917 A CN1991917 A CN 1991917A CN 200610168636 CN200610168636 CN 200610168636 CN 200610168636 A CN200610168636 A CN 200610168636A CN 1991917 A CN1991917 A CN 1991917A
- Authority
- CN
- China
- Prior art keywords
- district
- attribute
- access door
- input
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Time Recorders, Dirve Recorders, Access Control (AREA)
- Lock And Its Accessories (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Saving the input personal identification ID and personal attribute information corresponding to the ID into a database 21 of ID. Saving the input personal attribute and region information corresponding to the attribute into the database 23 of regions and attributes contained in database 22 of a security policy. Saving the input region and the information of an electronic lock of gate setting corresponding to the access of region into the database 24 of regions and electronic locks contained in the database 22 of security policy. Then, generating data representing the personal ID and the list of ID and electronic locks of region gate that can pass with the ID from all informations of security policy database 22 and ID database 21, and setting the data in the toll bar gate control for controlling the locking and unlocking of electronic locks.
Description
Technical field
The present invention relates to device, system and method that the management of monobasic ground is used for the access door.
Background technology
Be identified the ID of the identifier of body as use, carry out safety technique, the custodian of record in the following patent documentation 1 or the thing access management system to the discrepancy of given area is for example arranged the Access Management Access of access door.This access management system is gone up electronic lock of being provided with card reader terminal, constitute with the central processing unit that each card reader terminal is connected by network by each of each zone of buildings.Read the electronic lock controlled member made of the corresponding electronic lock of card reader, the control of this ID from the card that writes down individual ID in the card reader terminal setting.The comparison parts that could pass through of judging each zone are set at central processing unit, write down the user attribute table of each individual ID and the attribute corresponding with this ID, write down each regional ID and the area attribute corresponding and permission or the personal attribute's that no through traffic area attribute table with this ID, write down each individual ID and each regional ID current could the current of relation could show, generate and manage the current table management component that could show with reference to user attribute table and area attribute table, setting interface to described each table input data.
In described access management system, in the time of usually, electronic lock controlled member made is locked the electronic lock of the door in corresponding zone, makes and can't come in and go out.When requiring to come in and go out, if read the ID that writes down in the card that the user holds by the card reader of correspondence, the ID in the individual's who reads ID and corresponding zone just sends to central processing unit from card reader terminal.If by central processing unit reception user's the ID and the ID in zone, compare parts and just could show to judge whether to allow to pass through with current from this user's the ID and the ID in zone.Then, only, receive that the electronic lock controlled member made of this signal is unblanked the electronic lock of the door in corresponding zone, make and can open, the user can be come in and gone out allowing to send unlocking signal from central processing unit reading card device terminal when current.
[patent documentation 1] spy opens the 2004-19339 communique
Summary of the invention
In the such conventional art of above-mentioned patent documentation 1, the supvr of system imports each individual attribute to each individual ID, each regional ID is imported each regional attribute and permission or the personal attribute that no through traffic, according to this input information, central processing unit set each individual ID and each regional ID current could relation.Therefore, at number of users for a long time, with the supvr directly import each individual ID and each regional ID current could relation compare, can alleviate the numerous and diverse and burden of gerentocratic setting operation., in the zone of Access Management Access object for a long time, the supvr must be to the attribute of each ID input area of Zone Full and permission or the personal attribute that no through traffic, so for the supvr, it is numerous and diverse to set operation, burden is big.In addition, for the attribute of setting regions meticulously and permission or the personal attribute that no through traffic, the level that the supvr must correctly know Zone Full and personal attribute constitutes, be defined as the attribute of the horizontal input area from higher level to the subordinate and individual's attribute, so for the supvr, very difficulty is born greatly, can't be set to too thin level.Input information for each regional ID is various, is difficult to set for the supvr, and is mistaken setting easily.
The present invention solves described problem, and its purpose is that the visit of setting ID and access door easily and at length could concern.
ID management devices of the present invention has: from the identifier that is identified body of input be ID, the attribute corresponding with the ID that is identified body, with the corresponding district of the attribute that is identified body, with each information of distinguishing corresponding access door, generation represents to be identified the ID of body and the generation parts of the data of the corresponding relation of the access door that can visit with this ID; In access door, set set parts by the data that generate the parts generation.
If like this, the supvr can resemble for the ID that is identified body the ID management devices, the attribute that is identified body that input is corresponding, for the attribute that is identified body, what input was corresponding can visit the district that maybe can not visit, and for the district, the access door of input correspondence is such, 1 pair 1 related input in ground respectively, according to this input information, generate that expression is identified the ID of body and the data of the corresponding relation of the access door that can visit with this ID, in access door, set.Therefore, in the quantity that is identified body and access door for a long time, input information can not become various yet during setting, and the visit that can set ID and access door easily could concern, can alleviate the numerous and diverse and burden of gerentocratic setting operation, can prevent to set mistake.In addition, want to produce related attribute that is identified body and district by suitable assurance, related input can be set the ID corresponding with the attribute that is identified body in detail and could concern with the visit of the corresponding access door in this district.Therefore, need not be as patent documentation 1, correctly know the attribute that all is identified body and the level in district and constitute, be defined as attribute and district that level input from higher level to the subordinate is identified body, can further alleviate gerentocratic burden.
In addition, in one embodiment of the invention, in described ID management devices, the district expands into the tree structure of a plurality of levels, in any one of a plurality of levels, can both with the Attribute Association that is identified body.
In view of the above, can be in various levels, easily and at length with the Attribute Association setting district that is identified body.In addition, the district of higher level's level be identified the Attribute Association of body, setting principle the district of subordinate's level and the Attribute Association that is identified body, is set exception, can easier and at length set, and can prevent to set wrong and forgets setting.
In addition, in one embodiment of the invention, in described ID management devices, the attribute that is identified body expands into the tree structure of a plurality of levels, a plurality of levels arbitrarily in can both be related with the district.
In view of the above, can set the attribute that is identified body with the Attribute Association that is identified body easily and at length in various levels.In addition, related the attribute that is identified body of higher level's level with the district, setting principle, related the attribute that is identified body of subordinate's level with the district, set exception, can easier and at length set, can prevent the setting mistake and forget setting.
In addition, in one embodiment of the invention, in described ID management devices, generate parts about certain access door, when having the antagonistic relations that can visit and can not visit, make can not access relation effective.Perhaps the relation of enable access is effective.
Make when can not access relation effective in employing, related the attribute that is identified body of higher level's level with the Qu Yuneng visit, setting principle, the attribute that is identified body of subordinate's level with the district with can not visit related, set exception, thereby the visit that can easily not set ID and access door could concern with omitting, can improve security level.In addition, when the relation of employing enable access is effective, the attribute that is identified body of higher level's level with the district with can not visit related, setting principle, related the attribute that is identified body of subordinate's level with the Qu Yuneng visit, set exception, thus can be easily not with omitting the visit of setting ID and access door could concern, can improve security level.
In addition, ID management devices of the present invention has: respectively input be identified the identifier of body ID and the attribute corresponding with this ID, be identified body attribute and with the corresponding district of this attribute, district and with the input block of the corresponding access door in this district; Store respectively by the ensemble of communication of the ID that is identified body of input block input and the attribute corresponding with this ID promptly first database, be identified body attribute and with the ensemble of communication in the corresponding district of this attribute promptly second database, district and with the ensemble of communication of the corresponding access door in this district be the memory unit of the 3rd database; From the information of each database, generate that expression is identified the ID of body and the generation parts of the data of the corresponding relation of the access door that can visit with this ID; Set up an office by the set parts of the data that generate the parts generation in access door.
If like this, the supvr uses input block, can resemble for the ID that is identified body, the attribute that is identified body that input is corresponding, for the attribute that is identified body, what input was corresponding can visit the district that maybe can not visit, for the district, the access door of input correspondence is such, 1 pair 1 related input in ground respectively, thus can register this input information respectively at first~the 3rd database.And, by generating parts,, generate the data that expression is identified ID with the corresponding relation of the access door that can visit of body according to the register information of each database, in access door, set.Therefore, in the quantity that is identified body and access door for a long time, input information can not become various yet during setting, can set easily, can alleviate the numerous and diverse and burden of gerentocratic setting operation, can prevent to set mistake.In addition, want to produce related attribute that is identified body and district by suitable assurance, related input can be set the ID corresponding with the attribute that is identified body in detail and could concern with the visit of the corresponding access door in this district, can further alleviate gerentocratic burden.
In addition, ID management system of the present invention is identified the ID management devices of ID of the identifier of body by management, the access door that use is identified the ID visit of body constitutes, the ID management devices is from the ID that is identified body of input, the attribute corresponding with the ID that is identified body, the district corresponding with the attribute that is identified body, each information of the access door corresponding with the district, the data of the corresponding relation of the access door of producing ID that expression is identified body and can visit with this ID, in access door, set these data, access door is according to the ID that is identified body of input, by the data that the ID management devices is set, make visit become possibility or impossible based on this ID.
If like this, the supvr can resemble for the ID that is identified body the ID management devices, the attribute that is identified body that input is corresponding, for the attribute that is identified body, what input was corresponding can visit the district that maybe can not visit, for the district, the access door of input correspondence is such, 1 pair 1 related input in ground respectively, thus can be at the ID management devices, according to each input information, generate the data that expression is identified ID with the corresponding relation of the access door that can visit of body, in access door, set.Therefore, can allow or forbid visit with access door based on the ID that is identified body.Therefore, in the quantity that is identified body and access door for a long time, input information can not become various yet during setting, can set easily, can alleviate the numerous and diverse and burden of gerentocratic setting operation, can prevent to set mistake.In addition, want to produce related attribute that is identified body and district by suitable assurance, related input can be set the ID corresponding with the attribute that is identified body in detail and could concern with the visit of the corresponding access door in this district, can further alleviate gerentocratic burden.
ID management method of the present invention from the ID of the identifier that is identified body of input, the attribute corresponding with the ID that is identified body, be identified body the corresponding district of attribute, with each information of distinguishing corresponding access door, generate that expression is identified the ID of body and the data of the corresponding relation of the access door that can visit with this ID, these data of setting in access door.
If like this, can resemble for the ID that is identified body, the attribute that is identified body that input is corresponding, for the attribute that is identified body, what input was corresponding can visit the district that maybe can not visit, for the district, the access door of input correspondence is such, and 1 pair 1 related input in ground respectively is according to this input information, generate the data that expression is identified ID with the corresponding relation of the access door that can visit of body, in access door, set.Therefore, in the quantity that is identified body and access door for a long time, input information can not become various yet during setting, can set easily, can alleviate the numerous and diverse and burden of gerentocratic setting operation, can prevent to set mistake.In addition, want to produce related attribute that is identified body and district by suitable assurance, related input can be set the ID corresponding with the attribute that is identified body in detail and could concern with the visit of the corresponding access door in this district, can further alleviate gerentocratic burden.
According to the present invention, resemble for the ID that is identified body, the attribute that is identified body that input is corresponding, for the attribute that is identified body, what input was corresponding can visit the district that maybe can not visit, for the district, the access door of input correspondence is such, 1 pair 1 related input in ground respectively, according to this input information, generate that expression is identified the ID of body and the data of the corresponding relation of the access door that can visit with this ID, in access door, set, so can set in the quantity that is identified body and access door for a long time, the visit of ID and access door easily could concern
Description of drawings
Following brief description accompanying drawing.
Fig. 1 is the figure of the hardware configuration of expression ID management system.
Fig. 2 is the figure of the software configuration of expression ID management system.
Fig. 3 is the figure of the DB of the DB of ID of expression embodiment 1 and SC policy.
Fig. 4 is the figure of an example of the data that comprise among the DB of ID of expression embodiment 1.
Fig. 5 is the figure of ID and the example that EK tabulates of expression embodiment 1.
Fig. 6 is expression individual's the program flow diagram that appends and reform and abolish step.
Fig. 7 is the program flow diagram of the generation step of expression ID and EK tabulation.
Fig. 8 is appending of expression SC policy and reforms the program flow diagram of abolishing step.
Fig. 9 is the program flow diagram with step of updating of appending of expression ID and EK tabulation.
Figure 10 is the program flow diagram of the current qualification determination step of the individual ID of expression.
Figure 11 is the figure of the DB of the DB of ID of expression embodiment 2 and SC policy.
Figure 12 is the figure of an example of representation attribute tree construction data.
Figure 13 is the figure of an example of representation attribute tree construction data.
Figure 14 is the figure of an example of representation attribute tree construction data.
Figure 15 is the figure of an example of representation attribute tree construction data.
Figure 16 is the figure of an example of representation attribute tree construction data.
Figure 17 is the figure of an example of expression district tree construction data.
Figure 18 is the figure of an example of expression district, door, EK corresponding data.
Figure 19 is the figure of an example of expression district, door, EK corresponding data.
Figure 20 is the figure of an example of expression district, door, EK corresponding data.
Figure 21 is the figure of an example of representation attribute, district's corresponding data.
Figure 22 is the figure of an example of representation attribute, district's corresponding data.
Figure 23 is the figure of an example of representation attribute, district's corresponding data.
Figure 24 is the figure of an example of representation attribute, district's corresponding data.
Figure 25 is the figure of an example of representation attribute, district's corresponding data.
Figure 26 is the figure of an example of representation attribute, district's corresponding data.
Figure 27 is current matrix and the ID of expression embodiment 2 and the program flow diagram of the generation step that EK tabulates.
Figure 28 is the figure of the current example that could concern of expression ID, attribute, door, EK.
Figure 29 is the figure of the current example that could concern of expression ID, attribute, door, EK.
Figure 30 is the figure of the current example that could concern of expression ID, attribute, door, EK.
Figure 31 is the figure of an example of the current matrix of expression.
Figure 32 is the ID of expression embodiment 2 and the figure of EK tabulation.
Figure 33 is current matrix and the ID of expression embodiment 3 and the program flow diagram of the generation step that EK tabulates.
The explanation of symbol.
The 1-ID management system; The 2-ID management devices; The 3-management devices that passes through; The 4-server; The 5-client computer; 7-CGC; 8-EK; 9-CR; 11-ID manages application program; 12-SC policy management program; The generation PG of 15-ID and EK tabulation; PG is judged in the current qualification of 17-ID; 20-ID and EK tabulation; The DB of 21-ID; The DB of 22-SC policy; The DB in 23-attribute and district; The DB of 24-district and EK.
Embodiment
Below, with reference to accompanying drawing, the embodiment of the invention is described.Fig. 1 is the figure of hardware configuration of the ID management system of the expression embodiment of the invention.ID management system 1 is to use the ID of the identifier that is identified body, and management is to an example of the security system of the visit of access door.In the present embodiment, in order to manage passing through in the office building of company, utilization ID management system 1 in enterprise.ID management system 1 roughly is made of ID management devices 2 and current management devices 3.ID management devices 2 is made of server 4 and client computer 5.Current management devices 3 is made of terminal control unit (below be called " TC ") 6, toll bar controller 7 (below be called " CGC "), electronic lock 7 (below be called " EK ") 8, card reader (below be called " CR ") 9.
Each gateway of distinguishing at the office building of managing current company is provided with door, EK8, CR9.Be that EK8, CR9 are in each setting, in pairs.By EK8 is unblanked or locks, the opening that the door of this EK8 is set become may or impossible, allow or forbid being provided with gateway current in this district.The current gateway of management is an example of access door.Card 10 is made of magnetic card, contact or contactless IC-card or magnetic IC-card.Card 10 is respectively held in one's own possession by waiting from the employee.Record individual's ID in information recording parts such as card 10 magnetic stripe or IC.CR9 contacts or noncontact with card 10, reads individual's ID from the information recording part of this card 10.A plurality of CGC7 are set.The EK8 and the CR9 that connect given number at each CGC7 respectively.The EK8 of each CGC7 control linkage and the action of CR9.TC6 is connected with each CGC7.In addition, TC6 is connected with server 4 and client computer 5 by network.TC6 sends the data of passing on from server 4 to each CGC7.At server 4, individual's ID, with individual's the corresponding attribute of ID, with the corresponding district of individual's attribute, with distinguish corresponding, each information of EK8 and store with the database form.Be that server 4 centralized managements are used to open the respectively individual's of the gate open row of the gateway in district ID.Client computer 5 is made of PC.Client computer 5 is used for described each information of server 4 inputs, registration.
Fig. 2 is the figure of the software configuration of expression ID management system.In the client computer 5 of ID management devices 2, embed ID management application program 11, security policy management application program 12.Below, application program is called application, safety policy is called " SC policy ".ID management application program 11 is set individual's ID, to this ID input individual's attribute information.SC policy management application program 12 is used to import the SC policy, and promptly individual's attribute, district, door, the corresponding relation of EK8, each constituent relation, what kind of people can distinguish current condition at which.
Server 4 keeps the database 21 of ID, the database 22 of SC policy.Following database is called " DB ".The DB21 of ID is the set by the individual's of ID management application program 11 inputs ID and the attribute corresponding with this ID.The DB22 of SC policy is the set by the SC policy of SC policy management application program 12 inputs.In addition, in server 4, embed individual's the generator program 15 that appends and reform abolishment program 14, ID and EK tabulation that appends and reform abolishment program 13, SC policy.Following program is called " PG ".The individual appends and reforms and abolish the DB21 of PG13 to ID, append ID and attribute by the individual of ID management application program 11 inputs, or the individual's who has existed ID and attribute is abolished in reform.Appending and reforming and abolish the DB22 of PG14 to the SC policy of SC policy append the SC policy by 12 inputs of SC policy management application program, or the SC policy that has existed abolished in reform.The generation PG15 of ID and EK tabulation is from the register information of the DB22 of the DB21 of ID and SC policy, generate the expression individual ID and the setting of the gateway in the district that can pass through with this ID the ID of corresponding relation of EK8 and the data that EK tabulates.
The ID that is generated by the generation PG15 of ID and EK tabulation and the data of EK tabulation transfer to CGC7 from server 4 by TC6, set (storing in the storage part such as mounted memory among the CGC7) in CGC7.Be that CGC7 keeps tabulating 20 from ID and EK that server 4 passes on.In addition, in CGC7, embed appending and upgrading the current qualification of PG16, ID and judge PG17 of ID and EK tabulation.The appending and upgrade ID and EK tabulation of PG16 to(for) ID that has existed that keeps and EK tabulation 20 appended the ID that passes on from server 4 and the data of EK tabulation, or upgrades the data that existed of ID and EK tabulation 20.The current qualification of ID judge PG17 according to by CR9 from the ID, the ID that block 10 individuals that read and the data of EK tabulation 20, judge that whether this ID has the qualification of the gateway in the current district corresponding with this CR9, according to this result of determination, unblanks the EK8 of correspondence or lock.
Below with reference to Fig. 3~Figure 10 embodiment 1 is described.The flow process of the base conditioning of embodiment 1 expression ID management system 1.The figure of the DB21 of Fig. 3 ID that to be expression kept by server 4 and the DB22 of SC policy.The DB21 of ID is by a plurality of data of individual's ID and the Attribute Association corresponding with this ID are constituted.Fig. 4 is the figure of an example of the data that comprise among the DB21 of expression ID.Individual's ID is represented by numbering, thereby can discern each individual.Corresponding individual's attribute is individual's name, affiliated work position, post, contract form, sex, affiliated various personal information such as group.The DB22 of SC policy is made of the DB23 in attribute and district and the DB24 of district and EK as shown in Figure 3.The DB23 in attribute and district by certain attribute of individual with corresponding pass through or impassablely distinguishing related a plurality of data and constitute of this attribute.The DB24 of district and EK is by the related a plurality of data of the pairing EK8 of door of each district and the gateway that is arranged on each district are constituted.Each district and each EK8 are distributed numbering, thereby can discern separately.
Fig. 6 is the program flow diagram that appends and reform and abolish step that the individual is carried out in expression.The control parts of installing in the server 4 such as CPU are according to appending and reforming and abolish each processing of PG1S execution.The supvr of ID management system 1 operates client computer 5, if by the new register information or the registration modification information of ID management application program 11 input individuals' ID and the attribute corresponding, just import the information (step S1) of these ID and attribute from 5 pairs of servers of client computer 4 with this ID.Therefore, server 4 is the DB21 (step S2) of the information stores of this ID and attribute to ID.At this moment, when the individual's of input the ID and the information of attribute are new register informations, this new register information newly is appended to the DB21 of ID.In addition, when the individual's of input the ID and the information of attribute are the registration modification information, cover the registration modification information of input on the individual's who in the DB21 of ID, has registered the ID and the information of attribute, the change of registration content.After the storage, generate the ID and the EK tabulation (step S3) of the corresponding ID of input from the register information of the DB22 of the DB21 of ID and SC policy.The details of this processing is described in the back.If generate the ID and the EK tabulation of corresponding ID, just the data of this tabulation are passed on to CGC7 via TC6, set (step S4) end process.
Fig. 7 is the program flow diagram of the generation step of expression ID and EK tabulation.This step is the detailed step of the step S23 of the step S3 of Fig. 6 and Fig. 8 of describing later.The control part of server 4 is carried out each processing according to the generation PG15 of ID and EK tabulation.At first, from the DB21 retrieval corresponding ID of ID, read the attribute corresponding (step S11) with corresponding ID.Corresponding ID is the individual's that imports among the step S1 of Fig. 6 ID or as described later, the individual's of appointment ID successively in the step S23 of Fig. 8.If read attribute, the attribute of reading among the DB23 searching step S11 in attribute that comprises from the DB22 of SC policy and district is read the transitable district (step S12) corresponding with this attribute with that.The district of from the DB24 searching step S12 of district and EK, reading, the numbering (step S13) of reading the EK8 corresponding with this district.Then, generate the ID and the EK tabulation (step S14) of corresponding ID, end process from the numbering of corresponding ID and the EK8 that reads.
Fig. 5 is the figure of an example of the ID that generates in the described step of expression and EK tabulation.For example, the corresponding ID of input is the DB21 from ID shown in Figure 3 when beginning the ID of first row, and at first the DB21 from ID reads the attribute corresponding with corresponding ID.Then, the DB23 in dependency and district on begin the 3rd row and read the district that can pass through corresponding with this attribute of reading.Then, the DB24 from district and EK begins the 1st capable and the 2nd capable numbering of reading the EK8 corresponding with this attribute of reading.In view of the above, as shown in Figure 5, list 4 of " EK01 ", " EK11 " that are provided with in the district that can pass through with corresponding ID, " EK12 ", " EK13 " etc., this corresponding relation becomes the ID and the EK tabulation of corresponding ID.
Fig. 8 is the program flow diagram that appends and reform the step of abolishment that the SC policy is carried out in expression.The control part of server 4 is abolished PG14 and is carried out each and handle according to appending and reforming of SC policy.The supvr operates client computer 5, if imported the new register information of SC policies or registered modification information by SC policy management application program 12, the information of this SC policy is just from 4 inputs (step S21) of 5 pairs of servers of client computer.Therefore, server 4 the information stores of this SC policy at the DB22 of SC policy (step S22).At this moment, when the information of the SC policy of input is new register information, just this new register information newly is appended to the DB22 of SC policy.In addition, when the information of the SC policy of input is the registration modification information, cover the registration modification information of input on the information of the SC policy of just in the DB22 of SC policy, having registered, the change of registration content.After the storage, just generate ID and the EK tabulation (step S23) of the whole ID that store the DB21 of ID from the register information of the DB22 of the DB21 of ID and SC policy.Particularly, read ID one by one, be appointed as corresponding ID,, generate ID and the EK tabulation of whole ID by carrying out the step of above-mentioned Fig. 7 repeatedly from the DB21 of ID.If generate ID and the EK tabulation of whole ID, just the data of this tabulation are passed on to CGC7 via TC6, set (step S24) end process.
Fig. 9 is the program flow diagram with step of updating of appending that ID and EK tabulation is carried out in expression.Control parts such as the CPU that installs among the CGC7 append and upgrade PG16 according to ID and EK tabulation, carry out each and handle.If the processing of the step S24 of the step S4 by above-mentioned Fig. 6 or Fig. 8, from the data (step S31) of server 4 input ID and EK tabulation, CGC7 just reads in the data (step S32) of this input.Whether then, retrieve the input ID (step S33) that comprises the data of these inputs from the ID that has existed and the EK tabulation 20 that keep, judging has input ID (step S34).Here, if in ID and EK tabulation 20, input ID (step S34:YES) is arranged, just cover the data of input on the data of ID that has promptly set in the corresponding place of the ID that has existed and EK tabulation 20 and EK8, upgrade setting content (step S35), end process.If in ID that has existed and EK tabulation 20, do not import ID (step S34:NO), just ID and EK tabulation 20 are appended input ID (step S36), end process.
Figure 10 is the program flow diagram of the current qualification determination step of the individual ID of expression.The control part of CGC7 is judged PG17 according to the current qualification of ID, carries out each and handles.Usually the time, do not require that promptly CGC7 locks to the EK8 of the gateway in this district, and door can not be opened when district current, forbid current to this district.Under this state, if make the ID of corresponding CR9 reading requirement record in the current card that the people held 10 in this district, then the ID of this card that reads 10 imports (step S41) from this CR9 to CGC7.Therefore, CGC7 differentiates the numbering (step S42) of the EK8 corresponding with this CR9 from the CR9 of input ID.Then, from the numbering (step S43) of the EK8 of the ID of the ID that keeps and EK tabulation 20 retrieval inputs and differentiation, judge whether this ID has the qualification (step S44) of the gateway in the current district that this EK8 is set.Here, the numbering that in the corresponding place of ID and EK tabulation 20 promptly is illustrated in the data of EK8 of gateway setting in the district that the ID with input can pass through, has the EK8 of differentiation, just be judged to be and have current qualification (step S44:YES), just the EK8 that differentiates unblank (step S45), end process.In view of the above, corresponding door becomes and can open, and allows current to the district of correspondence.And if not have the numbering of the EK8 that differentiates in the corresponding place of ID and EK tabulation 20, just being judged to be not have current qualification (step S44:NO), lock (the step S46) of the EK8 of continuation differentiation, end process.In view of the above, corresponding door becomes and can not open, and passing through to the district of correspondence forbidden in maintenance.
If above embodiment 1, then the supvr is by 5 pairs of servers 4 of client computer, resemble ID for the individual, the individual's that input is corresponding attribute, for individual's attribute, what input was corresponding can visit the district that maybe can not visit, for the district, the corresponding EK8 of input is such, and 1 pair 1 related input in ground is respectively registered each input information respectively at the DB21 of the ID of server 4 and the DB22 of SC policy.Then,, generate expression individual's ID and the ID of the corresponding relation of the EK8 of the gateway in the district that can pass through with this ID and the data that EK tabulates, these data are set in CGC7 at the register content of server 4 according to the DB22 of the DB21 of ID and SC policy.Therefore, require to the district current the time, according to numbering, the ID of setting and the data of EK tabulation at the EK8 of the correspondence of the ID of CGC7 by the individual of CR9 input, differentiation, corresponding EK8 is unblanked or locks, make corresponding door open may or impossible, make to the district current may or impossible.
Therefore, the quantity of the gateway in the district of individual and current management object for a long time, input information can not become various yet during setting, the current of gateway that can set ID and district easily could concern, numerous and diverse and the burden of gerentocratic setting operation can be alleviated, mistake can be prevented to set.In addition, suitable assurance wants to produce related individual's attribute and district, and related input can be set the ID corresponding with the attribute that is identified body in detail and the passing through of gateway that be provided with the corresponding EK8 in this district could concern.Therefore, need not correctly know whole individuals' the attribute and the level in district and constitute, be defined as attribute and the district of the level input individual from higher level to the subordinate, can further alleviate gerentocratic burden as patent documentation 1.
Below with reference to Figure 11~Figure 32 embodiment 2 is described.Embodiment 2 is expression detailed process flow processs when inheriting the SC policy of ID management system 1.The figure of the DB21 of Figure 11 ID that to be expression kept by server 4 and the DB22 of SC policy.In the DB21 of ID, comprise a plurality of ID and the attribute corresponding data of individual's ID and the Attribute Association corresponding with this ID.The attribute corresponding and same (with reference to Fig. 4) illustrated in fig. 4 with individual's ID.The DB22 of SC policy is made of the DB23 in attribute and district and the DB24 of district and EK.In present embodiment 2, the DB23 in attribute and district as described later, comprises a plurality of attribute tree construction datas that expression expands into individual's attribute the tree structure (stratum) of a plurality of levels.At the DB24 of district and EK, as described later, comprise a plurality of district tree structure secretaries that expression expands into the district tree structure of a plurality of levels.In addition, in the DB23 in attribute and district, comprise the personal attribute of any one level with corresponding the passing through or a plurality of attributes and district's associated data that the district of impassable any one level is related of this attribute.Be that the personal attribute can be related in any level with the district.In addition, in the DB24 of district and EK, comprise door a plurality of districts and door and the EK data related that the gateway in each He Ge district, district is provided with EK8.Each and EK8 are distributed numbering, thereby can discern separately.
Figure 12~Figure 16 is the figure of an example of the attribute tree construction data that comprises among the DB23 in representation attribute and district.Figure 12 represents one of personal attribute's the example of tree structure in " work position ".Departments such as " mechanism of main office ", " business ", " exploitation ", " manufacturing ", " quality assurance " belong to " work position ".Sections such as " secretariate division ", " advertisement ", " comprehensively " belong to " mechanism of main office ".As shown in the figure, belong to other departments for the section of determined number." A " (other several people) belong to " secretariate division ".As shown in the figure, the several people belongs to other sections.The supvr operates client computer 5, by SC policy management application program 12 each one of input and the information that belongs to each section of each one.At this moment, for input information does not mix,, can only import the information of low 1 grade of level to the information of higher level's level.The DB21 of the control part of server 4 retrieval ID extracts individual's the information (name) of each section that expression belongs to the level of subordinate out, to this data input.Therefore, the supvr need not a people one people input.
Figure 13 represents one of personal attribute's the example of tree structure of " post ".Higher level's level of " post " is " regular employee "." director ", " cause minister ", " minister ", " section chief ", " it is long to handle affairs ", " leader " etc. are arranged in the post of " regular employee "." section chief " has " E ", " G ", " I ", " J ", " K " etc.Other posts have several people to serve as shown in the figure.The information of post is by 12 inputs of SC policy management application program.The DB21 of the control part of server 4 retrieval ID extracts individual's the information of each post of the level that belongs to subordinate out, to this data input.
Figure 14 represents one of personal attribute's the example of tree structure of " contract form ".Higher level's level of " contract form " is " office worker ".In " office worker ", comprise " regular employee ", " sending the office worker ", " contract office worker ", " part-time ", " sparetime " etc.The office worker that " sending the A of company ", " sending the B of company ", " sending the C of company " are arranged in " sending the office worker "." contract office worker " has the office worker to the contract company of determined number as shown in the figure.For example the office worker who " sends the A of company " is " V " (other are several).Other contract forms have the several people to belong to also as shown in the figure.The supvr is by the information of SC policy management application program 12 input contract forms.At this moment, for input information does not mix,, can only import the information of low one-level level for information such as higher level's level.The DB21 of the control part of server 4 retrieval ID extracts individual's the information of each contract form of the level that belongs to subordinate out, to this data input.
Figure 15 represents one of personal attribute's the example of tree structure of " sex "." male sex " and " women " arranged in " sex "." male sex " has " A " etc. as shown in the figure." women " has " C " etc. as shown in the figure.The supvr is by other information of SC policy management application program 12 Introduced cases.The DB21 of the control part of server 4 retrieval ID extracts the information of each sex of the level that belongs to subordinate out, to this data input.
Figure 16 represents one of personal attribute's the example of tree structure of " group ".The councils such as " safety and sanitation committee member ", " committee member ISO9000 ", " system management committee member " are arranged in " group "." W " and " X " belongs to " system management committee member ".The several people belongs to other councils.The supvr is by the information of SC policy management application program 12 each council of input.The DB21 of the control part of server 4 retrieval ID extracts the information of each council of the level that belongs to subordinate out, to this data input.
Figure 17 is the figure of an example of district's construction data of comprising among the DB24 of expression district and EK.In the district " ABC joint-stock company " of higher level's level, enterprises such as " capital of a country main office ", " capital of a country factory ", " nine divisions of China in remote antiquity factory ", " Shanghai factory " are arranged.Buildingss such as " No. 1 shop ", " No. 2 shops ", " No. 3 shops " are for example arranged in " capital of a country factory ".House or floor such as " A meeting room ", " B meeting room ", " dining room ", " 1 floor ", " 2 floor " are arranged in " No. 1 shop ".Floor such as " 1 floor ", " 2 floor " are arranged in " No. 2 shops ".Floor or houses such as " 1 floor ", " 2 floor ", " swimming booth ", " boudoir ", server room are arranged in " No. 3 shops ".The supvr is by the information in SC policy management application program 12 each district of input.At this moment, for input information does not mix,, can only import the information of low 1 grade of level to the information of higher level's level.
Figure 18~Figure 20 be the district that comprises among the DB24 of expression district and EK and and the figure of an example of EK corresponding data.Figure 18 represents district and the door and the EK corresponding data in No. 1 shop of capital of a country factory.For example " A meeting room " setting " door 1 ".At " door 1 " EK8 is set.Figure 19 represents district and the door and the EK corresponding data in No. 2 shops of capital of a country factory.At " 1 layer " setting " door 11 " and " door 12 ".At " door 11 " and " door 12 " " EK11 " and " EK12 " is set respectively.In other houses or layer also be provided with to give the door of determined number, at each EK8 is set.Figure 20 represents district and the door and the EK corresponding data in No. 3 shops of capital of a country factory.At " swimming booth " setting " door 51 " and " door 52 ".At " door 51 " and " door 52 " " EK51 " and " EK52 " is set respectively.In other houses or layer also be provided with to give the door of determined number, at each EK8 is set.The supvr is by the information of each district of SC policy management application program 12 input and each and each EK8.At this moment, for input information does not mix,, can only import the information of low 1 grade of level to the information of higher level's level.
Figure 21~Figure 26 is attribute that comprises among the DB23 in representation attribute and district and the figure that distinguishes an example of corresponding data.Figure 21 represents the principle 1 of SC policy, represents that each work position could concern for the current of each buildings of capital of a country factory.For example can " enter " " No. 1 shop " by input, the personal set that belongs to " business " is for passing through.In addition, can not " enter " " No. 2 shops ", " No. 3 shops " by input, the personal set that belongs to " business " is not for passing through.As shown in the figure, by the input for each buildings, " can enter " or " can not enter ", the personal set that belongs to other work positions maybe can not pass through for passing through.The supvr by SC policy management application program 12 carry out individual's attribute and the selection in district and input, based on this attribute to this district current could selection and input.Below, each data of Figure 22~Figure 26 are too.
Figure 22 is the exception 1 of SC policy, represents that each work position could concern for the current of No. 1 shop of capital of a country factory.Can enter " A meeting room ", " B meeting room ", " dining room " by input, the personal set that belongs to whole work positions is for passing through.Figure 23 is the exception 2 of SC policy, and the expression masculinity and femininity could concern the current of each dressing cubicle in No. 3 shops of capital of a country factory.Can enter " swimming booth " by input, the personal set that belongs to " male sex " can not enter " boudoir " for passing through by input, is set at and can not passes through.The individual who belongs to " women " as shown in the figure, by setting on the contrary with the individual who belongs to " male sex ".Figure 24 is the exception 3 of SC policy, and each group of expression and work position could concern for the current of server room in No. 3 shops of capital of a country factory.Can enter " server room " by input, the personal set that belongs to " systems committee " is for passing through.The individual who belongs to other work positions can not enter " server room " by input as shown in the figure, is set at and can not passes through.
Figure 25 is the principle 2 of SC policy, represents that each contract form (except the regular employee) could concern for the current of each buildings of capital of a country factory.Can enter " No. 1 shop ", " No. 2 shops ", " No. 3 shops " by input, the personal set that belongs to each contract form is for passing through.Figure 22 is the exception 4 of SC policy, represents that each contract form (except the regular employee) could concern for the current of server room of capital of a country factory.Can enter " server room " by input, the personal set that belongs to each contract form is not for passing through.
The step and step and Fig. 6 and illustrated in fig. 8 same of appending and reforming abolishment of carrying out the SC policy of appending and reform abolishment of carrying out individual in the present embodiment 2.In addition, carry out ID and EK tabulation append and the step of the current qualification of updating steps and judgement individual's ID and Fig. 9 and illustrated in fig. 10 equally.Therefore, in present embodiment 2, suitably with reference to Fig. 6, Fig. 8, Fig. 9, Figure 10, the repetitive description thereof will be omitted.
Figure 27 is the program flow diagram that generates the step of current matrix and ID and EK tabulation.This step is the detailed step of the step S23 of the step S3 of Fig. 6 and Fig. 8, is the detailed step that replaces Fig. 7.The control part of server 4 is carried out each and is handled according to the generation PG15 of ID and EK tabulation.At first from current matrix searching corresponding ID (step S51) by server 4 maintenances.Corresponding ID is the individual's of appointment ID successively among the step S23 of the individual's that imports among the step S1 of Fig. 6 ID or Fig. 8.Figure 31 is the figure of an example of the current matrix of expression.Carry out appending and reforming abolishment of individual and SC policy, carry out the step of Figure 27, by server 4 generate, keep passing through each data of matrix.At each row, as the information of determining the individual, input name and ID.At each row, as the information of the gateway of determining the district that management is current, the numbering of input gate and EK8.Represent " zero " that can pass through or represent impassable " * " each individual and the crossover sites of each input.If in current matrix, corresponding ID (the step S52:YES of Figure 27) is arranged, just remove the data (step S53) of the corresponding ID of current matrix, shift to step S54.And if in current matrix, do not have corresponding ID (the step S52:NO of Figure 27), just shift to step S54.
If shift, just, read the attribute corresponding with corresponding ID from the DB21 retrieval corresponding ID of ID to step S54.Then, the attribute of reading among the DB23 searching step S54 in attribute that comprises from the DB22 of SC policy and district is read the district corresponding with the attribute of finding and could be concerned (step S55) based on this attribute to the current of this district.Door corresponding with the district that finds and the numbering (step S56) of EK8 are read by the district of reading from the DB24 searching step S55 of district and EK.Figure 28 is the figure of an example representing that passing through of the ID that at this moment obtains and attribute and door and EK8 could concern.Corresponding ID is the ID of " A ", so from ID and the attribute corresponding data of the DB21 of ID, as the attribute corresponding with this ID, read " mechanism of main office " in work position.In addition, the district of the district shown in Figure 21 of the DB23 in dependency and district tree construction data, Figure 18~shown in Figure 20 and door and EK corresponding data are read " door 1 "~" door 4 ", " door 11 " of " swimming booth " in " A meeting room ", " B meeting room ", " dining room ", " 1 floor ", " 2 floor " in No. 2 shops in No. 1 shop can pass through corresponding with " mechanism of main office ", No. 3 shops~" 14 ", " 51 "~" 55 ", " EK1 "~" EK4 ", " EK11 "~" EK14 ", " EK51 "~" EK55 " respectively.
If carry out the step S56 of Figure 27, just judge whether the crossover location of the numbering of the EK8 that reads has impassable writing (step S57) in the corresponding ID of the current matrix of Figure 31 and step S56.At this moment, the crossover sites in that current matrix has corresponding ID and described EK8 to number during to this crossover sites input " * ", has been judged as impassable writing (step S57:YES), shifts to step S59.And when current matrix did not have the crossover sites of numbering of corresponding ID and described EK8, being judged to be did not have impassable writing (step S57:NO).Then, the crossover sites of the numbering of corresponding ID and described EK8 is set newly in current matrix, current " zero " or " * " (the step S58) that could concern of the expression of reading in this crossover sites write step S55 shifts to step S59.In addition, at current matrix the crossover sites of the numbering of corresponding ID and described EK8 is arranged, when this crossover sites input " zero ", being judged as does not have impassable writing (step S57:NO).Then, covering read among the step S55 current in this crossover sites could concern, at this moment is expression impassable " * " (step S58), shifts to step S59.
If shift to step S59, in step S55, read the attribute in corresponding district with regard to the DB23 retrieval in dependency and district, whether judge has tackling other districts.Here, if other districts (step S59:YES) corresponding with described attribute are arranged, just shift to step S55, the DB23 in dependency and district reads other corresponding districts, could concern to the current of this district.From the district that the DB24 retrieval of district and EK is read, read Men He district corresponding and the numbering (step S56) of EK8 with the district that finds.Figure 29 is the figure of an example representing that passing through of the ID that at this moment obtains and attribute and door and EK8 could concern.The attribute of the exception shown in Figure 24 3 of the DB23 in dependency and district and district's corresponding data, district shown in Figure 20 and door and EK corresponding data, " 55 " and " EK55 " who reads impassable " server room " corresponding with " mechanism of main office ".
As mentioned above, as scheming to carry out the step S56 of Figure 27, just whether the crossover location of the numbering of the EK8 that reads among the corresponding ID of the current matrix of judgement and the step S56 has impassable writing (step S57) again.During described Figure 29, the crossover sites of corresponding ID and described EK8 numbering is arranged,, do not have impassable writing (step S57:NO) so be judged to be to this crossover sites input " zero " at current matrix.Then, be crossover sites covering expression impassable " * " (the step S58) of Figure 31 " A (ID) " and " door 55 (EK55) " in this crossover sites, shift to step S59.
Then, as described in step S59, judged whether other districts,, just shifted to step S60 if there are not other districts (step S59:NO).In step S60, other attributes that the DB23 in dependency and district retrieval has been read in step S54, whether judge has other attributes.Here, if other attributes (step S60:YES) are arranged in the DB23 in attribute and district, shift to step S55, the DB23 in dependency and district reads the district corresponding with other attributes, could concern to the current of this district.From the district that the DB24 retrieval of district and EK is read, read door corresponding and the numbering (step S56) of EK8 with the district that finds.Figure 30 is the figure of an example representing that passing through of the ID that at this moment obtains and attribute and door and EK8 could concern.From ID and the attribute corresponding relation of the DB21 of ID, as other attributes corresponding with the ID of " A ", readability other " male sex ".In addition, the district shown in Figure 20 of the DB24 of the attribute of the exception shown in Figure 23 2 of the DB23 in dependency and district and district corresponding data, district and EK and door and EK corresponding data are read " door 51 " and " door 52 ", " EK51 " and " EK52 " of " swimming booth " that can pass through corresponding with " male sex ".Read " door 53 " and " door 54 ", " EK53 " and " EK54 " of impassable " boudoir " corresponding with " male sex ".
As mentioned above, if carry out the step S56 of Figure 27 again, just whether the crossover location of the numbering of the EK8 that reads among the corresponding ID of the current matrix of judgement and the step S56 has impassable writing (step S57).During described Figure 30, the crossover sites of corresponding ID and described EK8 numbering is arranged,, do not have impassable writing (step S57:NO) so be judged to be to this crossover sites input " zero " at current matrix.Then, be that " A (ID) " and " door 53 (EK53) " of Figure 31 and the crossover sites of " door 54 (EK54) " cover expression impassable " * " (step S58) respectively in the part of this crossover sites, shift to step S59.
Then, as described in step S59, judged whether other districts,, just as mentioned above, judged whether other attributes (step S60) are arranged,, just shifted to step S61 if there are not other attributes (step S60:60) if there are not other districts (step S59:NO).Then,, read the data of corresponding ID, generate the ID and the EK tabulation of corresponding ID, end process from current matrix at step S61.Figure 32 is the figure that represents an example of the ID that at this moment generates and EK tabulation.Because corresponding ID is the ID of " A ", so the data of reading " A " from current matrix generate ID and the EK tabulation of the ID of " A ".Then, the data of this ID and EK tabulation are passed on to CGC7 via TC6 from server 4.Then, at CGC7, according to the step of described Fig. 9, the data of ID that passes on and EK tabulation embed among the ID and EK tabulation 20 that has existed.Then at CGC7, step according to described Figure 10, ID according to " A ", " EK1 "~" EK4 ", " EK11 "~" EK14 ", " EK51 ", " EK52 " are unblanked, " door 1 "~" door 4 ", " door 11 "~" door 14 ", " door 51 ", opening of " door 52 " become possibility, allow the passing through of " swimming booth " in " A meeting room ", " B meeting room ", " dining room ", " 1 floor ", " 2 floor " in No. 2 shops to No. 1 shop, No. 3 shops.In addition, if according to the ID of " A ", " EK53 ", " EK54 ", " EK55 " do not unblank, and then opening of " door 53 ", " door 54 ", " door 55 " becomes impossiblely, forbids " boudoir ", " server room " current to No. 3 shops.
If according to above embodiment 2, the supvr is by 5 pairs of servers 4 of client computer, resemble ID to the individual, the individual's that input is corresponding attribute, for individual's attribute, what input was corresponding can visit the district that maybe can not visit, for the district, the corresponding EK8 of input is such, and 1 pair 1 related input in ground is respectively registered each input information respectively at the DB21 of the ID of server 4 and the DB22 of SC policy.Then,, generate the ID of corresponding relation of expression individual's ID and door and EK8 and the data of EK tabulation, in CGC7, set these data at the register content of server 4 according to the DB22 of the DB21 of ID and SC policy.Therefore, require to the district current the time, according to numbering, the ID of setting and the data of EK tabulation at the EK8 of the correspondence of the ID of CGC7 by the individual of CR9 input, differentiation, corresponding EK8 is unblanked or locks, make corresponding door open may or impossible, make to the district current may or impossible.
Therefore, the quantity of the gateway in the district of individual and current management object for a long time, input information can not become various yet during setting, the current of gateway that can set ID and district easily could concern, numerous and diverse and the burden of gerentocratic setting operation can be alleviated, mistake can be prevented to set.In addition, suitable assurance wants to produce related individual's attribute and district, related input, can set the ID corresponding in detail with attribute and be provided with this district corresponding and the passing through of gateway of EK8 could concern, can further alleviate gerentocratic burden.
In addition, individual's attribute and district expand into multilevel tree structure, and be in a plurality of levels, related respectively, so can be easily and at length attribute and the related setting in district in various levels, in addition, related the attribute of higher level's level with the district, setting principle, related the attribute of subordinate's level with the district, set exception, can easier and at length set, can prevent to set mistake and forget setting.
Gateway about certain district, exist when passing through with impassable antagonistic relations, step S57, S58 by Figure 27, make impassable relation effective, thus can be related currently the attribute of higher level's level with the district, setting principle, related impassably the attribute of subordinate's level with the district, set exception, can easily not set individual's the ID and the current of gateway in district could concern with omitting, can improve security level.
As mentioned above, in embodiment 2, can be related currently the attribute of higher level's level with the district, setting principle, related impassably the attribute of subordinate's level with the district, set exception, but also can be opposite, related impassably the attribute of higher level's level with the district, setting principle, can be related currently the attribute of subordinate's level with the district, set exception.
Figure 33 is a program flow diagram of representing as mentioned above the step of the current matrix of generation of the embodiment 3 of setting principle and exception on the contrary and ID and EK tabulation.In Figure 33, the step identical with described Figure 27 paid identical symbol, the repetitive description thereof will be omitted.The difference of Figure 33 and Figure 27 is step S57a.In step S57a, judge whether the crossover location of the numbering of the EK8 that reads has writing of passing through in the corresponding ID of current matrix and step S56.Crossover sites in that current matrix has corresponding ID and described EK8 to number during to this crossover sites input " zero ", is judged to be write (the step S57a:YES) that can pass through, and shifts to step S59.And when current matrix did not have the crossover sites of corresponding ID and described EK8 numbering, being judged as did not have write (the step S57a:NO) that can pass through.Then, the crossover sites that row matrix does not have corresponding ID and described EK8 numbering newly is set,, shifts to step S59 to current " zero " or " * " (the step S58) that could concern of the expression of reading among this crossover sites write step S55 at current matrix.In addition, at current matrix the crossover sites of the numbering of corresponding ID and described EK8 is arranged, when this crossover sites input " * ", being judged as does not have write (the step S57a:NO) that can pass through.Then, covering step in this crossover sites represents to shift " zero " (the step S58) that can pass through to step S59.
Embodiment 3 is such as described, can be related currently the attribute of higher level's level with the district, setting principle, related impassably the attribute of subordinate's level with the district, set exception, gateway about certain district, exist when passing through with impassable antagonistic relations, by step S57a, S58, the relation that enables to pass through is effective, can easily not set individual's the ID and the current of gateway in district could concern with omitting, can improve security level.
The present invention can adopt various forms beyond above embodiment.For example, in above embodiment, be set forth in Record ID in the card 10, read the example of this ID by CR9, but can be in other recording mediums in addition Record ID, read this ID by other reading devices.In addition, can the ID input media be set, require current individual this ID input media directly to be imported the ID of self in the gateway in district.Can also organism authentication apparatus be set in the gateway in district,, differentiate corresponding ID with the current individual's of this organism authentication apparatus reading requirement Biont information.
In addition; in above embodiment; enumerate the example that the present invention is applied to people's current ID management system 1 in management company's office building; but the present invention can be applied in the building, the current management of the people of the buildings of mansion, school or communal facility etc. or place or door or thing or room entry/exit management etc. beyond this.Permission beyond the door such as bar or the device that no through traffic can be set in the current management object that waits, also can what not be provided with.
The present invention can be applied to the use and management of instruments such as computing machine.For example, when being applied to the use and management of PC (PC (comprise work) as server, the supvr is as the SC policy, and input provides the condition of the rights of using (launch and data reading in and writing) of which type of file that keeps in the rights of using, each PC of which type of application program of installing in the rights of using, each PC of which type of PC (attribute of PC) to which type of what kind of person (personal attribute).If enumerate concrete example, then respectively the input " regular employee can sign in to whole PC; each PC can use word processor software and the table software for calculation; can visit personnel system; can visit the file A and file B and the file C that keep among certain PC) " condition, the condition of " sending the office worker can sign in to whole PC; can use word processor software and table software for calculation at each PC; still can not visit personnel system; can only visit the file A that keeps among certain PC ", the condition of " the contract office worker sends the office worker can not sign in to whole PC; can not adapt to whole application programs at each PC, can not visit all files folder that keeps among whole PC ".After the input, server generates the matrix of each the individual ID of expression and the corresponding relation of each PC that manages use or each application program.In addition, server generates the data of tabulation of the corresponding relation of expression individual's ID and PC that can use with this ID or application program, sets in each PC.
Claims (8)
1. ID management devices comprises:
Generate parts, according to the identifier of being imported that is identified body be ID, the attribute corresponding with the ID that is identified body, with the corresponding district of the attribute that is identified body and with each information of the corresponding access door in district, generate the ID that represents to be identified body and the access door that can visit with this ID between the data of corresponding relation; With
Set parts is set the described data that generated by described generation parts in access door.
2. ID management devices according to claim 1 is characterized in that:
Described district expands into the tree structure of a plurality of levels;
In any one of described a plurality of levels, can both with the described Attribute Association that is identified body.
3. ID management devices according to claim 1 and 2 is characterized in that:
The described attribute that is identified body expands into the tree structure of a plurality of levels;
Described a plurality of levels arbitrarily in, can both be related with described district.
4. according to any described ID management devices in claim 1 or 3, it is characterized in that:
Described generation parts are about certain access door, when having the antagonistic relations that can visit and can not visit, make can not access relation effective.
5. according to any described ID management devices in claim 1 or 3, it is characterized in that:
Described generation parts are about certain access door, and when having the antagonistic relations that can visit and can not visit, the relation of enable access is effective.
6. ID management devices comprises:
Input block, the input identifier that is identified body is ID and the attribute corresponding with this ID, is identified the attribute of body and district and district and with this district corresponding access door corresponding with this attribute respectively;
Memory unit, the ensemble of communication of storing the described ID that is identified body that imports by described input block and the attribute corresponding respectively with this ID promptly first database, the described attribute that is identified body and with the ensemble of communication in the corresponding district of this attribute promptly second database and described district and with the ensemble of communication of the corresponding access door in this district be the 3rd database;
Generate parts, according to the information of described each database, generate that expression is identified the ID of body and the access door that can visit with this ID between the data of corresponding relation; With
Set parts is set the described data that generated by described generation parts in access door.
7. ID management system,
The identifier that is identified body by management is the ID management devices of ID and uses the access door of the ID visit that is identified body to constitute;
Described ID management devices according to the described ID that is identified body that is imported, the attribute corresponding with the ID that is identified body, with the corresponding district of the attribute that is identified body and with each information of the corresponding access door in district, generate that expression is identified the ID of body and the access door that can visit with this ID between the data of corresponding relation, these data of setting in described access door;
Described access door makes the visit based on this ID become possibility or impossible according to the ID that is identified body that is imported, by the described data that described ID management devices sets.
8. ID management method,
According to the identifier of being imported that is identified body be ID, the attribute corresponding with the ID that is identified body, be identified body the corresponding district of attribute and with each information of the corresponding access door in district, generate that expression is identified the ID of body and the corresponding relation of the access door that can visit with this ID between data, these data of setting in access door.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2005364535A JP5369364B2 (en) | 2005-12-19 | 2005-12-19 | ID management device, ID management system, ID management method |
| JP2005364535 | 2005-12-19 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1991917A true CN1991917A (en) | 2007-07-04 |
Family
ID=38214154
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200610168636 Pending CN1991917A (en) | 2005-12-19 | 2006-12-19 | ID management device, ID management system and ID management method |
Country Status (2)
| Country | Link |
|---|---|
| JP (1) | JP5369364B2 (en) |
| CN (1) | CN1991917A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102768775A (en) * | 2012-06-29 | 2012-11-07 | 深圳光启创新技术有限公司 | Photon key ID assignment management method |
| CN102768779A (en) * | 2012-06-29 | 2012-11-07 | 深圳光启创新技术有限公司 | ID (identity) management method for photon key |
| CN101635067B (en) * | 2009-05-28 | 2014-07-30 | 樊铁山 | Card-reading circuit controller for special equipment operating personnel |
| CN116806350A (en) * | 2021-02-04 | 2023-09-26 | 韩国土地住宅公社 | Access door opening and closing control device, system and control method thereof |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009081570A1 (en) * | 2007-12-21 | 2009-07-02 | R & D Associates, Inc. | Authentication system and electronic lock |
| JP5355329B2 (en) * | 2009-09-25 | 2013-11-27 | 三菱電機株式会社 | Traffic authority granting system, traffic authority setting device, traffic authority setting program, and recording medium |
| JP6340273B2 (en) * | 2014-07-07 | 2018-06-06 | 株式会社総合車両製作所 | Authentication system |
| JP6848480B2 (en) * | 2017-01-26 | 2021-03-24 | 富士通株式会社 | Management program, management method, and management system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH0288863A (en) * | 1988-09-26 | 1990-03-29 | Hitachi Maxell Ltd | Systematized control for entering or leaving room with ic card |
| JP4834234B2 (en) * | 2000-03-08 | 2011-12-14 | 株式会社アール・アンド・デー・アソシエイツ | Electronic lock, electronic lock system, and service providing method for locked object provided with electronic lock |
| JP2005146755A (en) * | 2003-11-19 | 2005-06-09 | Sumitomo Electric Ind Ltd | Electronic lock management system, server device, method, and program and recording medium for it |
| JP4313171B2 (en) * | 2003-12-09 | 2009-08-12 | 株式会社日立製作所 | Authentication control apparatus and authentication control method |
| JP2005314932A (en) * | 2004-04-28 | 2005-11-10 | Matsushita Electric Ind Co Ltd | Entry and exit device and access code recorder |
-
2005
- 2005-12-19 JP JP2005364535A patent/JP5369364B2/en not_active Expired - Fee Related
-
2006
- 2006-12-19 CN CN 200610168636 patent/CN1991917A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101635067B (en) * | 2009-05-28 | 2014-07-30 | 樊铁山 | Card-reading circuit controller for special equipment operating personnel |
| CN102768775A (en) * | 2012-06-29 | 2012-11-07 | 深圳光启创新技术有限公司 | Photon key ID assignment management method |
| CN102768779A (en) * | 2012-06-29 | 2012-11-07 | 深圳光启创新技术有限公司 | ID (identity) management method for photon key |
| CN116806350A (en) * | 2021-02-04 | 2023-09-26 | 韩国土地住宅公社 | Access door opening and closing control device, system and control method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| JP5369364B2 (en) | 2013-12-18 |
| JP2007169887A (en) | 2007-07-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10565809B2 (en) | Method, system and device for securing and managing access to a lock and providing surveillance | |
| CN1991917A (en) | ID management device, ID management system and ID management method | |
| CN100430951C (en) | Systems and methods of access control enabling ownership of access control lists to users or groups | |
| CN1610292B (en) | Interoperable credential gathering and access method and device | |
| US7237119B2 (en) | Method, system and computer program for managing user authorization levels | |
| CN103460259A (en) | Distribution of premises access information | |
| US20060137026A1 (en) | Interactive security control system with conflict checking | |
| JP4445941B2 (en) | Customer database management device and customer database management program | |
| JP2003323528A (en) | Personnel management system and method | |
| US20120173501A1 (en) | Configurable catalog builder system | |
| TW200426619A (en) | System and method for controlling database authorization | |
| CN101539926B (en) | Relative document presenting system, relative document presenting method | |
| CN1591448A (en) | Data management apparatus, data management method and program thereof | |
| JP2010160709A (en) | Method and system for registering biological information | |
| US20040030700A1 (en) | Document management system, document management apparatus, authentication method, program for implementing the method, and storage medium storing the program | |
| JP4955434B2 (en) | Authentication processing device | |
| JP4887735B2 (en) | Information processing apparatus, information processing system, and program | |
| JP4876209B2 (en) | Identifier authentication system | |
| JP2005285008A (en) | Data security management system, program, and data security management method | |
| JP4876210B2 (en) | Identifier authentication system | |
| JP2006085705A (en) | Data processor and storage medium | |
| JP2008057315A (en) | Temporary use management system and its method | |
| JP2007249540A (en) | Business system for organization, operation control method, and terminal device | |
| CN109787853A (en) | A kind of method and device that detection device is active | |
| JP4887931B2 (en) | File management program, file management apparatus, and file management method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |