JP6411903B2 - Gate control system - Google Patents

Description

  The present invention relates to a gate control system in which various gates installed in a management area can be opened and closed or opened / closed by a user's electrical operation.

  For example, entrances and exits of common or private areas in housing (apartment housing such as detached houses and condominiums) and various facilities (public facilities such as hotels and medical institutions, commercial facilities such as office buildings and rental offices, research facilities conducting various research) Gates that use ID keys, such as remote control keys and non-contact IC cards, for example, instead of the usual keyhole insertion type metal keys to make the various gates installed in the door openable / closable or open / closed. A control system has been proposed.

  This gate control system registers an ID key for the reader in advance, and an authentication ID (for authentication required for lock / unlock and gate opening / closing control) between the ID key and the reader corresponding to the gate. Information, for example, a gate ID for specifying a gate or a user ID for specifying an individual user) is transmitted and received, and the gate is controlled by determining whether the authentication data is correct (for example, see Non-Patent Document 1).

“VERSA Access Controller”, Miwa Rock Co., Ltd., June 2013 edition, p. 8-9

  In recent years, a gate control system for controlling a gate in a hands-free manner using various portable terminals (smartphones, feature phones, wearable devices) instead of ID keys such as a remote control key and a non-contact type IC card has been developed. In this system, for example, a so-called “proximity mode” in which a mobile terminal is directly held by a reader during gate control using a communication area of several centimeters to several tens of centimeters such as NFC (Near Field Communication) is used. For example, the gate can be controlled by entering the detection range of the reader while being carried in a bag etc. using a short communication range of several meters to several tens of meters such as Bluetooth (registered trademark). It has a so-called “hands-free mode”.

  In this type of system, tamper-resistant parts are used to prevent reverse engineering of the CPU, and communication between the ID key and the reader is protected by a unique encryption method. Authentication data due to interception of communication is not leaked, and the system can be used with peace of mind.

  By the way, when a mobile terminal possessed by a user is used as a key instead of an ID key, the mobile terminal has no tamper resistance and can be easily reverse-engineered. A pairing operation is required. However, for example, when a system is adopted in a large-scale housing where the number of households is several hundreds, a pairing operation must be performed on a mobile terminal possessed by a user of each household, and the system provider performs the pairing process. That is not realistic.

  Therefore, when using each user's mobile terminal as an authentication key, it is necessary for the user to perform pairing operation with the reader of the gate to be used by himself / herself, but there may be users who have little knowledge about the operation of the mobile terminal Therefore, it is desired to introduce a system in which all users can easily perform a pairing operation.

  Therefore, the present invention has been made in view of the above problems, and maintains high security without performing a pairing operation between a gate control device that controls a gate to be controlled and a mobile terminal possessed by the user. An object of the present invention is to provide a gate control system that enables gate control by short-range wireless communication in a state.

In order to achieve the above object, the gate control system according to claim 1 enables short-range wireless communication with a detection range of several meters to several tens of meters and controls gates installed in a management area. Equipment,
A portable terminal possessed by a user who can transmit an authentication ID necessary for authentication by short-range wireless communication with the gate control device when entering the detection range;
With
In the gate control system that controls the gate when the gate control device has successfully authenticated the authentication ID received from the mobile terminal,
An object to be read in which authentication data including the authentication ID, encryption data for encrypting the authentication ID, and identification data for specifying the encryption data is readable by the portable terminal Using a data acquisition medium for authentication
The portable terminal acquires the authentication data from the authentication data acquisition medium, and combines the authentication ID and the identification data encrypted with the encryption data when entering the detection range. To the gate control device,
The gate control device specifies the encryption data from the identification data transmitted from the mobile terminal, decrypts the authentication ID encrypted with the specified encryption data, and the authentication ID The gate is controlled when it is determined that is valid.

The gate control system according to claim 2 enables short-range wireless communication with a detection range of several meters to several tens of meters, and controls a gate installed in a management area;
A portable terminal possessed by a user who can transmit an authentication ID necessary for authentication by short-range wireless communication with the gate control device when entering the detection range;
With
In the gate control system that controls the gate when the gate control device has successfully authenticated the authentication ID received from the mobile terminal,
Authentication data to which an object to be read in which the authentication data including the authentication ID and a signature key shared between the mobile terminal and the gate control device can be read by the mobile terminal is provided Using acquisition media,
The portable terminal acquires the authentication data from the authentication data acquisition medium, and creates the authentication data based on the authentication ID, the signature key, and the authentication ID when entering the detection range. Send the signature together with the gate control device,
The gate control device verifies the signature transmitted from the portable terminal by using the signature key, and controls the gate when it is determined that the signature and the authentication ID are valid. Features.

  According to the invention of the present invention, the mobile terminal possessed by the user is used as an authentication key, and the pairing operation is not performed between the mobile terminal and the gate control device corresponding to each gate installed in the management area. The user simply acquires the authentication data from the authentication data acquisition medium, and communicates various data necessary for gate control while ensuring the same security as when the mobile terminal and the gate control device are paired. It can be carried out.

It is a schematic block diagram which shows the structure of the gate control system which concerns on this invention. It is a schematic block diagram which shows the other structural example of the gate control system which concerns on this invention.

  Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the present invention is not limited by this embodiment, and all other forms, examples, operation techniques, etc. that can be implemented by those skilled in the art based on this form are included in the scope of the present invention. .

[System configuration]
First, the configuration of the gate control system according to the present invention will be described.
As shown in FIG. 1, the gate control system 1 includes a portable terminal 10 possessed by a user that is used as an authentication key when controlling the gate, and a gate 40 or gate of a shared unit or a dedicated unit in a management area to be managed. 40. Authentication data including a gate control device 20 provided in the vicinity of 40 and an authentication ID (for example, a user ID that identifies a user or a gate ID that identifies a gate) with which the mobile terminal 10 communicates with the gate control device 20 And an authentication data data acquisition medium 30 for acquiring.

  The “management area” in the gate control system 1 of the present invention refers to, for example, a house (an apartment house such as a detached house or a condominium) and various facilities (a public facility such as a hotel or a medical institution, a commercial facility such as an office building or a rental office, Buildings that include various research facilities), areas divided within this type of building (regardless of area division or division within the same floor), multiple buildings, buildings and their surrounding facilities This is an area to be managed by a management company (including a management form by a single management company, including a case where a plurality of management companies are mixed depending on each divided area), such as an area to be included.

  In addition, as shown in FIG. 1, in the management area, a gate 40 that is a control target by an electric operation of the mobile terminal 10 possessed by the user (general doors, sliding doors, folding doors, etc. operated by the user) Gate control device that can open and close or open / close doors (including automatic doors, revolving doors, automatic ticket gates and open / close control gates such as gates) 20 is installed in multiple places.

  As an operation mode of the gate control system 1 of this example, for example, an extremely short communication area with a communication range of several centimeters to several tens of centimeters such as NFC (Near Field Communication) is used, and a portable terminal is used during gate control. The “proximity mode” in which the gate is controlled by passing (adjacent) 10 to the information communication unit 21 of the gate control device 20 and a short distance of about several meters to several tens of meters such as Bluetooth (registered trademark), for example. There is a “hands-free mode” in which the gate is controlled by entering the detection range of the gate control device 20 while the mobile terminal 10 is carried in a bag or the like carried by the user using the communication area. Each mode can be selected by each user in consideration of convenience.

<About mobile devices>
The portable terminal 10 is various portable communication terminals (for example, a mobile phone, a smartphone, a wearable device, etc.) possessed by a user, and a short-range wireless communication unit 11, a key control unit 12, a key storage unit 13, and a display unit. 14, an input operation unit 15, and a data acquisition unit 16.

  The mobile terminal 10 has functions of a general mobile communication terminal (for example, a telephone function, a mail function, a communication function using various computer networks, a camera function), and gate control stored in the key storage unit 13 When the application program (gate control application) is activated, the mobile terminal 10 functions as an authentication key for gate control.

  When the communication state is established with the gate control device 20, the short-range wireless communication unit 11 performs communication of various data necessary for gate control using near field communication (NFC). For this reason, for example, RFID tags (Radio Frequency Identification Tags) or Bluetooth (Radio Frequency Identification Tags) that enable radio communication at a distance of about several centimeters using electromagnetic fields and radio waves such as MiFare (ISO / IEC 14443) and FeliCa (ISO / IEC 15408). (Registered trademark) or the like, and various short-range wireless devices such as a module capable of wireless communication at a distance of several meters to several tens of meters.

  The RFID tag that functions as a short-range wireless device is configured with a small one-chip IC (integrated circuit) that has been put into practical use in recent years, in addition to a circuit board on which a plurality of electronic elements are mounted. IC tags are also included. Moreover, as a specification of short-distance wireless communication, a passive type (passive type), an active type (active type), a semi-active type (a start-up type active type) that combines both a passive type and an active type may be used.

  The key control unit 12 includes, for example, a processor such as a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), or an MPU (Micro-Processing Unit) having these functions. Various drive control programs stored in the key storage unit 13 are executed so as to function as a portable communication terminal, and the mobile terminal 10 functions as an authentication key according to the processing sequence of the gate control application stored in the key storage unit 13 Thus, drive control of each part constituting the mobile terminal 10 is performed.

  As the processing contents of the key control unit 12 by starting the gate control application, a response signal to the call signal from the gate control device 20 is transmitted so that short-distance wireless communication with the gate control device 20 can be performed. The process of establishing a communication state with the communication device 20, the encryption data included in the authentication data acquired from the authentication data acquisition medium 30 as a response to the data request signal transmitted from the gate control device 20 after the communication state is established Processing for encrypting authentication ID and anti-fraud data (to be described later) transmitted together with the data request signal from the gate control device 20, encrypted authentication ID and anti-fraud data and identification data for identifying the encrypted data; Is transmitted to the gate control device 20 as authentication control data.

  In the system of this example, the gate control application is configured to be triggered by reception of an interrogation signal transmitted from the gate control device 20, but is configured to always be activated in the background or activated every time the user uses it. It is good also as a structure.

  The key storage unit 13 is composed of various semiconductor memories including a non-volatile memory such as an EEPROM and a flash memory, and a volatile memory such as a DRAM and SDRAM, for the purpose of causing the portable terminal 10 to function as a normal portable communication terminal. Various necessary drive control programs are stored.

  Further, the key storage unit 13 includes a gate control application for causing the key control unit 12 (computer) included in the mobile terminal 10 to execute a gate control processing sequence necessary for using the gate control system 1. Remembered (installed).

  The display unit 14 is configured by a display device having a display area such as a liquid crystal display (LCD) or an EL display (electroluminescence display: ELD), and the gate control application is driven under the control of the key control unit 12. In addition to the display contents that are displayed in conjunction with each other, various display contents necessary for driving the mobile terminal 10 are displayed on the display area.

  The input operation unit 15 includes various input devices such as a UI (User Interface) such as a touch panel including operation keys such as numeric keys and selection buttons, and soft keys on the display screen of the display unit 14. When a predetermined operation is performed, for example, when acquiring authentication data from the medium 30 or when selecting and setting an operation mode, operation information corresponding to the operation content is output to the key control unit 12.

  The data acquisition unit 16 acquires authentication data from the read object 30 a attached to the authentication data acquisition medium 30 using, for example, a camera function or a non-contact communication function mounted on the mobile terminal 10. That is, the data acquisition unit 16 appropriately selects the function of the mobile terminal 10 according to the form of the read object 30a provided to the authentication data acquisition medium 30. For example, when the read object 30a is an information identifier such as a QR code (registered trademark), the camera mounted on the portable terminal 10 functions as an identifier reading unit, and the read object 30a is a non-contact type IC chip. The non-contact communication function (communication function by NFC) of the short-range wireless communication unit 11 is caused to function as a non-contact communication means.

<About gate control device>
As shown in FIG. 1, the gate control device 20 includes an information communication unit 21, a gate side control unit 22, a gate side storage unit 23, a gate drive mechanism 24, and a power supply unit 25. The gate control device 20 is a device that performs control related to opening and closing of the gate 40 to be driven provided in various gates 40 that the user enters and exits in the management area.
The gate control device 20 may be installed in a single or plural number, and as a device form, it is possible to communicate with a stand-alone type or a management device (not shown) (connection method may be wired or wireless). Any of the network connection types that are connected to and managed by the network.

  The information communication unit 21 includes various communication devices that function as a reader capable of transmitting and receiving various information to and from the mobile terminal 10 using various short-range wireless communications (NFC, Bluetooth (registered trademark), etc.) It is installed in the vicinity of each corresponding gate 40 to be controlled or at a predetermined location of the gate 40. In order to establish a communication state with the mobile terminal 10, the information communication unit 21 performs polling on the mobile terminal 10 that is close to the predetermined communication range at a constant cycle, and the mobile terminal 10 is within the communication range. A call (transmission of a call signal) is performed to activate the gate control application when it comes close to.

  In addition, when the communication state is established with the mobile terminal 10, the information communication unit 21 prevents fraud by the replay attack in order to prevent fraud prevention data created by the gate side control unit 22 (for example, disposable random data such as nonce). Value, serial number, date and time information) and a data request signal are transmitted to the mobile terminal 10 as a set. Further, upon receiving authentication control data (encrypted authentication ID + encrypted fraud prevention data + identification data) as a response to the transmitted data request signal, the information communication unit 21 gates the received authentication control data. To the side control unit 22.

  In addition to the method of polling at a predetermined cycle as described above as a method of performing communication with the mobile terminal 10, the information communication unit 21 confirms the intention of communication in order to save power. A configuration may be adopted in which communication is performed only when an operation button (not shown) provided at a predetermined location of the control device 20 is operated.

  The gate side control unit 22 includes, for example, a processor such as a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), or an MPU (Micro-Processing Unit) having these functions. The drive control and power supply control of each part which comprises the control apparatus 20 are performed.

  The gate control process performed by the gate-side control unit 22 includes a process of transmitting a call signal to establish communication with the mobile terminal 10 that has entered the detection range of the information communication unit 21, a set of a data request signal, and the like. A process of creating fraud prevention data to be transmitted in the process, and a process of transmitting the data request signal and the created fraud prevention data to the mobile terminal 10 as a set when the response signal from the mobile terminal 10 that transmitted the call signal is confirmed , Processing for identifying the data for encryption by comparing the identification data included in the authentication control data with the data specifying information stored in the gate-side storage unit 23, and the encryption included in the authentication control data received from the mobile terminal 10 The process of decrypting the identification ID and the fraud prevention data that has been converted into the encryption data specified in the above process, and the decrypted fraud prevention data in the past Processing to determine whether or not it matches the transmitted anti-fraud data, processing to determine that the gate control data is illegal when the anti-fraud data matches the past, and to terminate gate control, and anti-fraud When the data is different from the past, the identification ID and the identification ID stored in the gate-side storage unit 23 are collated, and only when the identification ID is successfully authenticated, the current lock and gate 40 A process of transmitting a gate control signal corresponding to the state to the gate drive mechanism 24 is appropriately performed. A series of processing procedures related to the above processing will be described in the section of processing operation described later.

  The gate-side storage unit 23 includes various storage devices such as various semiconductor memories including a nonvolatile memory such as an EEPROM and a flash memory, a volatile memory such as a DRAM and an SDRAM, and an HDD.

  The gate-side storage unit 23 is tabulated in a state in which the authentication data for encrypting the authentication ID and the fraud prevention data, the identification data for specifying each encrypted data, and the authentication ID are associated with each other. In addition to the data specifying information, a drive control program for each part constituting the gate control device 20 is stored. Further, the gate-side storage unit 23 stores past fraud prevention data transmitted to the mobile terminal 10 in order to prevent unauthorized access due to a replay attack.

  In addition, the gate side memory | storage part 23 memorize | stores various data, such as the status signal (The opening / closing state signal of the gate 40, the locking / unlocking state signal of a lock, locking / unlocking operation history) as monitor information as needed. Also good.

  The gate drive mechanism 24 outputs a drive signal to the control panel 41 of the gate 40 to be controlled in accordance with the gate control signal from the gate-side control unit 22 so that the gate 40 is opened or closed. Is a mechanism for opening or closing the door.

  As a specific example of the gate drive mechanism 24, a drive device such as a motor or a solenoid provided in the gate 40 and a lock are formed, and a dead bolt is projected (during locking) or pulled into a locking hole of the door frame. (When unlocked) The lock is unlocked or unlocked to open or close the gate 40, the handle or knob operated when the gate 40 is opened or closed can be opened from the locked state A form in which the gate 40 can be opened and closed by driving and controlling the electric strike on the door frame, and the thumb turn is locked / unlocked in a retrofit type locking device that electrically rotates the existing mechanical thumb turn. By turning in the operation direction and locking / unlocking the lock, the gate 40 can be opened or closed, and by rotating the electric thumb turn in the locking / unlocking operation direction to lock / unlock the lock Gate 0 is the form such that the door opening or closing state.

  The power supply unit 25 is a general commercial power supply unit, a power supply unit in which various batteries such as a button battery and a dry battery (regardless of a primary battery or a secondary battery) can be attached and detached, or a solar power or a solar battery using a photovoltaic effect. It is composed of any photovoltaic module that directly converts light energy, such as illumination light, into electric power, and appropriately supplies drive power to each part of the gate control device 20.

<About the data acquisition medium for authentication>
The authentication data acquisition medium 30 is a card-like medium or paper that is transferred to the user from a management company that operates the gate control system 1 and has a form in which the authentication data acquired by the mobile terminal 10 can be read. A read object 30a is provided. The authentication data includes encrypted data, identification data for specifying the encrypted data, and an authentication ID.

  Examples of the form of the object to be read 30a include a one-dimensional code (bar code), a two-dimensional code (QR code (registered trademark)), an information identifier such as a color dot, an RFID chip, and the like. It is applied to the surface of the medium as a sealing body, or it is embedded in the medium as a chip.

[About processing operations]
Next, a series of processing operations in the gate control system 1 described above will be described.
Here, it is a processing operation when the management area is an apartment and the gate 40 of the common entrance is controlled by the gate ID held by the mobile terminal 10 in the hands-free mode.

  First, the user obtains authentication data from the read body 30a of the authentication data acquisition medium 30 assigned by the manager by performing a predetermined operation on the mobile terminal 10. Thereby, the authentication data is stored in the mobile terminal 10.

  Next, when the user enters the communication range of the gate control device 20 while holding the mobile terminal 10, the mobile terminal 10 receives a call signal from the gate control device 20. As a response to the call signal, a response signal is transmitted to the gate control device 20, and short-range wireless communication is established between the mobile terminal 10 and the gate control device 20.

  Next, when the gate control device 20 confirms the response signal from the mobile terminal 10 that transmitted the call signal, the gate control device 20 transmits a data request signal for requesting authentication data to the mobile terminal 10 together with the fraud prevention data. . Next, the mobile terminal 10 transmits authentication control data to the gate control device 20 as a response to the data request signal from the gate control device 20.

  Next, in order to decrypt the encrypted authentication ID included in the authentication control data, the gate control device 20 specifies the identification data included in the received authentication control data and the data specified in the gate-side storage unit 23. The data for encryption is specified by collating with the information. Then, the encrypted authentication ID and fraud prevention data included in the authentication control data are decrypted, and it is determined whether or not the fraud prevention data matches the past fraud prevention data stored in the gate-side storage unit 23. To do.

At this time, if the anti-fraud data matches, it is determined that the authentication control data has been intercepted and accessed illegally, and the process ends.
On the other hand, if the fraud prevention data is different, it is determined that the authentication control data has been transmitted normally, the authentication ID is checked against the data specifying information stored in the gate-side storage unit 23, and the received authentication ID The gate control signal corresponding to the current lock and the state of the gate 40 is transmitted to the gate drive mechanism 24 only when the key is normally authenticated.

  The gate drive mechanism 24 controls the drive of the gate 40 by outputting a drive signal to the control panel 41 of the gate 40 to be controlled according to the input gate control signal.

As described above, in the gate control system 1 described above, the mobile terminal 10 acquires the authentication data from the authentication data acquisition medium 30, and uses the encryption data included in the authentication data and the authentication ID and The fraud prevention data transmitted from the gate control device 20 is encrypted and transmitted to the gate control device 20 as authentication control data. The gate control device 20 specifies the data for encryption used for encryption from the identification data included in the received authentication control data.
Next, the authentication ID and the fraud prevention data encrypted with the specified data for encryption are decrypted, the validity of the authentication ID and the fraud prevention data are confirmed, and both the authentication ID and the fraud prevention data are normal. When it is determined that the gate drive mechanism 24 is controlled, the gate drive mechanism 24 is driven to control the gate 40 to be controlled to a predetermined state.

  As a result, the portable terminal 10 and the gate control device 20 can only store the authentication data in the portable terminal 10 from the read object 30a assigned to the authentication data acquisition medium 30 assigned by the manager. Since the data to be encrypted (authentication ID and fraud prevention data) can be communicated using the shared encryption data, security equivalent to pairing can be ensured. it can.

  Further, when a communication state is established between the mobile terminal 10 and the gate control device 20, fraud prevention data is transmitted from the gate control device 20 to the mobile terminal 10 together with the data request signal, and this fraud prevention data is added to the gate control data. Is sent back to the gate control device 20 in an encrypted state, so that replay attacks due to intercepted gate control data can be prevented.

[Other embodiments]
In addition, this invention is not limited to said each embodiment, For example, as shown below, it can also change suitably according to a use environment etc. and can also implement it. Also, the following modifications can be implemented in any combination within the scope not departing from the gist of the present invention.

  In the above-described embodiment, authentication control is performed by acquiring authentication ID, encryption data, and identification data from the authentication data acquisition medium 30, and encrypting the authentication ID and fraud prevention data and adding the identification data. Although the configuration in which data is transmitted to the gate control device 20 has been described, the present invention is not limited to this. In other words, since it is only necessary to maintain security between the portable terminal 10 and the gate control device 20 which are the objectives of this system and prevent leakage of encryption data by reverse engineering, for example, as shown below A system configuration can be adopted.

  Here, another configuration example of the gate control system of this example will be described with reference to FIG. Here, the description of the same configuration as the system configuration described above is omitted, and only the configuration requirements and the processing contents that are characteristic in the embodiment shown in FIG. 2 will be described.

  As another example of this system, the mobile terminal 10 acquires an authentication ID and a signature key used for creating a signature from the authentication data acquisition medium 30, and the gate control device 20 preliminarily acquires the signature key and the authentication ID. Are stored in pairs. That is, it is assumed that the signature key is shared between the mobile terminal 10 and the gate control device 20.

  The mobile terminal 10 creates a signature using the authentication ID, the fraud prevention data, and the signature key (in addition, when creating a signature, it is sufficient to create a signature using at least the authentication ID and the signature key), The authentication ID, fraud prevention data, and signature are combined and transmitted to the gate control device 20.

  When the gate control apparatus 20 verifies the received signature using the signature key that shares the signature and confirms the validity of the signature, the gate control apparatus 20 activates the gate only when the received data (authentication ID or fraud prevention data) is valid. Control to a predetermined state. Further, when transmitting the data request signal, fraud prevention data for preventing a replay attack is also transmitted to the mobile terminal 10.

  As a processing procedure based on this system configuration, communication is first established between the mobile terminal 10 and the gate control device 20, and a data request signal and fraud prevention data are transmitted from the gate control device 20 to the mobile terminal 10. The mobile terminal 10 creates a signature from the authentication ID acquired from the authentication data acquisition medium 30, the fraud prevention data, and the private key, and authenticates the created signature, the authentication ID, and the fraud prevention data together. It transmits to the gate control apparatus 20 as control data.

  The gate control device 20 verifies the signature given to the received authentication control data using the signature key stored in itself, and as a result of the verification, it is normal when the received signature matches the signature created at the time of verification. The gate is controlled by confirming that the data is valid and determining whether the authentication ID is valid and whether the fraud prevention data is valid.

  As described above, since the signature can be created and verified by sharing the signature key between the mobile terminal 10 and the gate control device 20, the storage area of the gate control device 20 is small, as described above. Even when the capacity for storing the data specifying information cannot be secured, communication security can be secured and information leakage due to reverse engineering can be prevented.

DESCRIPTION OF SYMBOLS 1 ... Gate control system 10 ... Portable terminal 11 ... Short-range wireless communication part 12 ... Key control part 13 ... Key storage part 20 ... Gate control apparatus 21 ... Information communication part 22 ... Gate side control part 23 ... Gate side storage part 24 ... Gate drive mechanism 25... Power supply 30 .. authentication data acquisition medium (30a...
40 ... Gate 41 ... Control panel

Claims (2)

A gate control device that enables short-range wireless communication with a detection range of several meters to several tens of meters and controls a gate installed in a management area;
A portable terminal possessed by a user who can transmit an authentication ID necessary for authentication by short-range wireless communication with the gate control device when entering the detection range;
With
In the gate control system that controls the gate when the gate control device has successfully authenticated the authentication ID received from the mobile terminal,
An object to be read in which authentication data including the authentication ID, encryption data for encrypting the authentication ID, and identification data for specifying the encryption data is readable by the portable terminal Using a data acquisition medium for authentication
The portable terminal acquires the authentication data from the authentication data acquisition medium, and combines the authentication ID and the identification data encrypted with the encryption data when entering the detection range. To the gate control device,
The gate control device specifies the encryption data from the identification data transmitted from the mobile terminal, decrypts the authentication ID encrypted with the specified encryption data, and the authentication ID The gate control system is characterized in that the gate is controlled when it is determined that is valid. A gate control device that enables short-range wireless communication with a detection range of several meters to several tens of meters and controls a gate installed in a management area;
A portable terminal possessed by a user who can transmit an authentication ID necessary for authentication by short-range wireless communication with the gate control device when entering the detection range;
With
In the gate control system that controls the gate when the gate control device has successfully authenticated the authentication ID received from the mobile terminal,
Authentication data to which an object to be read in which the authentication data including the authentication ID and a signature key shared between the mobile terminal and the gate control device can be read by the mobile terminal is provided Using acquisition media,
The portable terminal acquires the authentication data from the authentication data acquisition medium, and creates the authentication data based on the authentication ID, the signature key, and the authentication ID when entering the detection range. Send the signature together with the gate control device,
The gate control device verifies the signature transmitted from the portable terminal by using the signature key, and controls the gate when it is determined that the signature and the authentication ID are valid. Characteristic gate control system.

Images