1. Field of the Invention
The present invention relates to a communications system in which communications terminals for communicating with external communications apparatuses are managed in a concentrated manner by a computer functioning as a central control apparatus, and particularly to a communications system in which an authentication process is performed between such communications terminals and transponders that communicate therewith.
2. Description of the Prior Art
Conventionally, communications systems are in practical use that employ IC cards or magnetic cards as transponders to manage the lift facilities at a skiing ground, to sort pieces of baggage, to monitor people entering and leaving a room, and for other purposes. A communications system of this type consists basically of an interrogator portion and a transponder portion with which the interrogator portion communicates. Here, the interrogator portion is composed of, on the one hand, communications terminals, each provided with a reader/writer for communicating directly with a transponder and provided with a personal computer (hereinafter referred to simply as a "PC") serving as a local control apparatus for analyzing the signal received from the transponder and producing a signal to be transmitted back to the transponder, and, on the other hand, another PC serving as a central control apparatus (i.e. a host computer) for managing in a centralized manner the above-mentioned PCs of the communications terminals as slave computers.
In a conventional communications system as described above, the interrogator portion, composed of a plurality of communications terminals and a central control apparatus, has a system configuration as shown in FIG. 8, which is a block diagram thereof. Specifically, a plurality of reader/writers 50-1 to 50-n, each capable of communicating with a transponder and having an authentication means, are connected individually to PCs 51-1 to 51-n so as to be controlled thereby, and these PCs 51-1 to 51-n are, as slave computers, connected to another PC 52 serving as their host computer so as to construct together a LAN (local area network).
How this communications system works will be described briefly below, taking as an example a case where it is applied to a system for monitoring people entering and leaving a room. When a person holding a magnetic card, on which personal information is recorded such as the time period in which the person is permitted in the room and the card ID (identification) number, inserts the magnetic card into one of the reader/writers 50-1 to 50-n, the person is requested to enter a secret number, and an authentication process is performed to determine whether or not to open a door to permit the person to enter or leave the room. Here, suppose that the magnetic card is inserted into the reader/writer 50-1. If, on the basis of the secret number entered by the person, the reader/writer 50-1 authenticates the magnetic card, communication is established between them, and the personal information recorded on the magnetic card is read.
This personal information is transmitted to the PC 51-1 that controls the reader/writer 50-1, and then the PC 51-1 determines whether to permit the person to enter or leave the room or not. If the PC 51-1 determines to permit the person in or out of the room, it responds by transmitting back a command signal requesting the door connected to the reader/writer 50-1 to be opened. Thereafter, the reader/writer 50-1 controls the door so that it will be unlocked, and also communicates with the magnetic card to record thereon the time at which the person entered or left the room. The information that this particular magnetic card holder entered or left the room is transmitted from the PC 51-1 to the PC 52 serving as the host computer, which thereby keeps track of where the magnetic card holder currently is. Moreover, from this PC 52, it is possible to manage faults occurring in the PCs 51-1 to 51-n that serve as slave computers.
In recent years, in a communications system of this type, IC cards have been taking the place of magnetic cards for their convenience. In such cases, to achieve higher security, both IC cards and reader/writers are provided individually with an authentication means that generates a rolling code to permit them to check, when communication is requested from a communication partner, whether the communication partner is authentic or not.
In this way, this conventional communications system, in which a plurality of reader/writers 50-1 to 50-n are connected individually to PCs 51-1 to 51-n so as to be controlled thereby and those PCs 51-1 to 51-n are connected to another PC 52 so as to construct together a LAN, requires PCs to be provided one for each of the communications terminals used therein, and thus inevitably has a complicated system configuration. Thus, a communications system of this type is expensive to introduce and maintain, and in addition troublesome to manage.
This system can be simplified, for example, by providing a hub serving as a relaying apparatus between the reader/writers and the PC serving as the host computer so that the reader/writers will be connected through the hub directly to the host PC so as to construct together a LAN. However, in this case, no security function comparable to the rolling codes and secret numbers exchanged between the reader/writers and the transponders is performed between the reader/writers and the host PC. As a result, once a reader/writer erroneously authenticates an inauthentic transponder, there is a risk of the host PC being readily accessed by that transponder, allowing the inauthentic transponder to pretend to be an authentic transponder.
An object of the present invention is to provide a communications system that has a simpler system configuration in its interrogator portion including a plurality of communications terminals and that nevertheless offers higher security in communication.
To achieve the above object, according to the present invention, a communications system having an authentication function is provided with: a plurality of communications terminals for communicating individually with external communications apparatuses; a central control apparatus for controlling the communications terminals and for exchanging data related to the communications terminals and the external communications apparatuses with the communications terminals; and a relaying apparatus composed of a switching portion for selectively connecting one of the communications terminals to the central control apparatus and a central authentication circuit for checking whether the individual communications terminals are authentic or not.
In this communications system, whether the communications terminals are authentic or not is checked by the central authentication circuit provided in the relaying apparatus. If a communications terminal is found to be inauthentic by the central authentication circuit, the switching portion provided in the relaying apparatus prohibits it from being connected by way of a data transfer line to the central control apparatus. On the other hand, if a communications terminal is found to be authentic by the central authentication circuit, whenever it is accessed by an external communications apparatus requesting communication therewith, the switching portion provided in the relaying apparatus selects the communications terminal and connects it by way of a data transfer line to the central control apparatus to establish communication between them. Here, the authentication process performed by the communications terminal to check whether the external communications apparatus is authentic or not is performed independently of the authentication process performed by the relaying apparatus to check whether the communications terminal is authentic or not.
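The relay's gating behaviour described above, as an added example that is not part of the patent text. The HMAC-SHA256 challenge-response, the pre-shared per-terminal keys, and the names `Terminal`, `Relay`, `authenticate` and `request_connection` are assumptions, since the text here does not specify how the central authentication circuit checks a terminal; the terminal's own, independent check of the transponder is not modelled.

```python
import hashlib
import hmac
import secrets

class Terminal:
    """Reader/writer holding a key shared with the relay (assumed scheme)."""
    def __init__(self, terminal_id, key):
        self.terminal_id, self._key = terminal_id, key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Relay:
    """Hub: central authentication circuit plus switching portion."""
    def __init__(self, enrolled_keys):
        self._keys = dict(enrolled_keys)   # terminal id -> shared key
        self._authentic = set()            # ids that passed the last check
        self.connected = None              # id currently switched to the host

    def authenticate(self, terminal):
        """Central authentication circuit: fresh challenge, keyed response."""
        tid = terminal.terminal_id
        key = self._keys.get(tid)
        challenge = secrets.token_bytes(16)
        response = terminal.respond(challenge)
        ok = key is not None and hmac.compare_digest(
            hmac.new(key, challenge, hashlib.sha256).digest(), response)
        if ok:
            self._authentic.add(tid)
        else:  # fail closed: forget the id and release any line it holds
            self._authentic.discard(tid)
            if self.connected == tid:
                self.connected = None
        return ok

    def request_connection(self, terminal_id):
        """Switching portion: only authenticated terminals reach the host."""
        if terminal_id not in self._authentic:
            return False
        self.connected = terminal_id
        return True

def demo():
    """Constructed sample: one genuine terminal, one using the wrong key."""
    keys = {"rw-1": secrets.token_bytes(32), "rw-2": secrets.token_bytes(32)}
    relay = Relay(keys)
    genuine = Terminal("rw-1", keys["rw-1"])
    rogue = Terminal("rw-2", secrets.token_bytes(32))  # enrolled id, wrong key
    return (relay.authenticate(genuine), relay.request_connection("rw-1"),
            relay.authenticate(rogue), relay.request_connection("rw-2"))
```

A terminal that later fails a re-check loses its line to the host as well as its authenticated status, so a swapped or tampered reader/writer cannot keep using a connection granted earlier.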