1. Field of the Invention
The present invention relates to access control systems, and more particularly to an access control system which uses user location information to control access to a restricted area, where the location information is useful to provide a more accurate muster and to prevent pass-back.
2. Description of the Related Art
A physical access control system (ACS) includes one or more access controllers which are used to restrict access to one or more restricted physical locations or areas by controlling controllable physical barriers, such as doors, turnstiles, elevators, gates, etc. A “physical” ACS is distinguished from a “logical” ACS which is used to restrict access to data or information on a computer system or the like. Each access controller is configured in any suitable manner for controlling a corresponding controllable barrier to control access to the restricted area, such as including a reader device (e.g., card reader or the like) along with an access device (e.g., door lock or the like). A user presents a token to the reader device, which determines whether the token is “valid” thus indicating an authorized user. If the token is valid, access is granted; otherwise, access is denied.
In a conventional ACS, there is little or no separate tracking of authorized users' locations so that users may leave at any time without further authentication or verification. It may be desired, however, to track which authorized users are located within the restricted area at any given time. It may further be desired to prevent “pass-back” in which one user passes a valid token (e.g., badge) back to another user (authorized or not) to enable both to enter the restricted area using the same token. Pass-back may be defeated or made more difficult by preventing a valid token from being re-used within a certain period of time. A timed non-reuse period, however, may cause inconvenience to authorized personnel. For example, an authorized user might immediately leave the restricted area (e.g., to retrieve a forgotten item from their car) and attempt re-entry within only a short time yet be denied if still within the timed non-reuse period.
A more sophisticated ACS includes authentication upon user exit to more carefully track authorized users located within the restricted area. Such systems often include a “muster” or the like, which is a list or database of authorized users located within the restricted area. In such access control systems, the exit process is similar to the entry process in which the user must present their valid token again to exit the restricted area. Exit authentication, however, presents several problems. A dual access ACS (including exit authentication) is relatively expensive since each entry location must be configured for dual access for both entry and exit. Also, a dual access ACS is often considered inconvenient by, and intrusive to, the authorized users. Dual access systems also require relatively high maintenance since such systems often make mistakes and require occasional reset to ensure accuracy. For example, a user may exit through another door, or through an unauthorized exit or the like, or may simply follow another user out the door resulting in an inaccurate muster. In addition, another person (authorized or not) may follow an authorized user through an entry point without authentication so that security is compromised or the muster is inaccurate. Furthermore, dual access systems limit or restrict the ability to exit the restricted area which may present safety challenges. A dual access system, for example, may prevent fast evacuation of the restricted area during an emergency situation or the like.
It is desired to provide more accurate tracking of authorized users, to defeat pass-back, and to improve muster accuracy of an ACS without the problems associated with dual access systems.
The benefits, features, and advantages of the present invention will become better understood with regard to the following description, and accompanying drawings where:
The following description is presented to enable one of ordinary skill in the art to make and use the present invention as provided within the context of a particular application and its requirements. Various modifications to the preferred embodiment will, however, be apparent to one skilled in the art, and the general principles defined herein may be applied to other embodiments. Therefore, the present invention is not intended to be limited to the particular embodiments shown and described herein, but is to be accorded the widest scope consistent with the principles and novel features herein disclosed.
In one embodiment, the access system 104 receives a token via a reader device of a corresponding access device, compares the received token with the valid tokens in its local token cache, reviews additional locality information to make an access decision, and grants or denies access depending upon the decision result. If the received token matches a stored valid token, then access is granted and the access device is controlled to grant access based on the access decision. If the received token is not valid (e.g., not found among the valid token list), then access is denied. Each token may be authorized for selected times or according to predetermined rules. In one embodiment, for example, a scenarios database or the like incorporates access rules, scheduling information, operational modes, etc., for maintaining the access information. A given token may have few, if any, limitations, meaning that it grants access to all restricted areas at all times. Other tokens may have certain qualifications or limitations, such as granting access only to selected restricted areas (e.g., access to restricted area 202 but not to restricted area 204), or granting access only for selected times, or granting access only for certain dates, or any combination of these limitations. Such qualifications are associated with scenarios, which describe general operational modes for the access system 104, including rules applied to each token. The scenarios encompass various operational modes, such as emergency situations or scheduled events or time periods. In general, the scenarios determine which tokens are authorized for which areas for which times and for which situations or conditions. Each token may further include flags or the like for turning on and off authorization or modifying access rules or scenarios or access conditions associated with that token.
For example, selected tokens may be enabled or disabled during certain times or dates, such as daytime/nighttime or weekday/weekend, etc. It is appreciated by those skilled in the art that any number of flags may be defined for each token.
The access control system 100 further includes a muster 106, a user location information system 108, one or more local tracking systems 109, and a utility control system 110. The muster 106 includes a list of authorized users located within a corresponding restricted area at any given time. As shown, the muster 106 may include multiple muster lists, such as a first list 103 for the restricted area 202 and a second list 105 for the restricted area 204. The user location information system 108 receives location information for each of the authorized users from a variety of sources including the access system 104, external tracking systems 112, and the local tracking systems 109. As illustrated, the user location information system 108 updates the muster 106 based on the location and access decision information as further described below. In the illustrated embodiment, the user location information system 108 submits a request (REQ) for location information for selected authorized users (e.g., one or more up to all of the authorized users) to one or more of the external tracking systems 112, which respond with the requested location information of the authorized users via location signal or feed LOCA. The location signal may be via an external location feed or the like. In an alternative embodiment, the LOCA signal is updated automatically by the tracking systems 112 on a periodic basis, such as every half-hour or every hour or the like, and the REQ is omitted so that the user location information system 108 does not prompt for the location information. The local tracking systems 109 may also be prompted by the REQ signal to provide location information via a corresponding location signal LOCB. 
Examples of local tracking systems include local transactions (swipe of a credit card at a vendor machine within either restricted area 202 or 204) detected by a billing system, check-in or check-out at an on-site facility, such as a cafeteria, fitness center, health club, medical center, library, conference rooms, etc., or any other indication of physical location of an authorized user within the restricted areas 202 and 204.
The tracking systems 112 are implemented according to any one or more tracking configurations for tracking the location of the authorized users. One configuration includes a global positioning system (GPS) 114 including any type of GPS device or GPS transponder or the like. Another configuration includes any type of mobile personal communication device (PCD) 116 typically carried by users, such as a cellular phone or a pager or a BlackBerry® or the like. In this configuration, the PCD 116 enables tracking of the location of the mobile devices via associated mobile communication services, such as cellular phone or paging services or the like. Tracking by PCD 116 may include cellular triangulation techniques or the like. Another configuration includes a computer device 118, such as a laptop computer or a personal digital assistant (PDA) or any other type of mobile device capable of providing location information. In one embodiment, the computer device 118 incorporates a transmitter or the like (e.g., wireless network) indicating whether the device is located within either or both of the restricted areas 202 and 204. It is noted that if the computer device includes a GPS transponder or the like, it is otherwise considered a GPS 114. Another configuration includes transaction information 120 indicating a general location of the authorized user, such as credit card transactions, toll road transactions, etc. For example, a recent toll road transaction or parking garage transaction may indicate whether the user is within a local area 206 (
The user location information system 108 is interfaced to any one or more of the tracking systems 109 and 112 via any type of network incorporating any combination of wired or wireless communication methods. The network may be a closed system and/or otherwise a secure network. In another embodiment, the network includes less secure portions and may even be coupled to one or more public or larger networks, such as the public switched telephone network (PSTN) and/or the Internet and the like. In various embodiments, such as those including limited security or non-secure networks, secure communications may be facilitated using encrypted communication methods or channels. The network is configured to enable communications according to any suitable type of communication protocol as understood by those skilled in the art. Various methods are contemplated for providing the LOCA signal incorporating location information from the external tracking systems 112 to the local user location information system 108. The accuracy of the location information depends upon the configuration. A GPS transponder or cellular triangulation may provide relatively accurate location information of each authorized user (e.g., within a few yards or feet) whereas transaction information may provide only an indication that the user has traveled outside of the local area 206. Although the tracking systems 112 may be capable of continuously tracking the location of each authorized user at all times and almost any location, in one embodiment the user location information system 108 only employs the location information for determining whether the authorized users are inside or outside the local area 206.
The access system 104 generally provides a primary location tracking source whereas any other tracking source, including any of the external tracking systems 112 or the local tracking systems 109 provides an additional or supplemental tracking source. As further described herein, each supplemental tracking source is useful for providing additional authentication or verification information for making access decisions and for verifying information in the muster 106.
The local area 206 is shown completely surrounding or otherwise encompassing both of the restricted areas 202 and 204. The local area 206 represents location of the user within or “near” the restricted areas 202 and 204 including a reasonable buffer zone. The relative size of the buffer zone depends upon the relative accuracy and configuration of the location information. For relatively accurate location information tracking, such as GPS transponders and the like, the buffer zone may be relatively small, such as within a few feet or yards of the boundary of the restricted areas 202 and 204. For less accurate location information tracking, the buffer zone is generally larger, such as within a few hundred yards or even a mile or so of the restricted areas 202 and 204. As described further below, the local area 206 is used to determine whether an authorized user is within or near the restricted areas 202 and 204.
The user location information system 108 combines location information from any of the location sources that are available to minimize the possible location area of an authorized user. The location information may be combined in any suitable manner, such as by applying corresponding weighting factors to each location source based on relative accuracy. For example, transaction information may have a significantly lower weighting factor as compared to cellular phone location information. The overlapping areas of multiple sources may provide sufficiently accurate information. If two sources conflict, such as when location areas do not overlap, then in one embodiment the user location information system 108 uses the weighting factors or the like or rejects less accurate source information in order to make the location determination decision. In one embodiment, a mismatch or inconsistency between multiple sources may be used to raise an alarm for the system and/or for the user. For example, if multiple location information including a person's cellular phone indicates that the user is in the office while a concurrent transaction involving the user's credit card is detected at a gas station, an alarm may be raised indicating a potential unauthorized transaction.
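The weighted combination and mismatch alarm described above can be illustrated as follows. This Python example is added here and is not code from the patent; the weighting factors, the circular model of the local area 206 and of each report's uncertainty, and all names (`Report`, `fuse`, `WEIGHTS`) are assumptions made for illustration.

```python
"""Weighted fusion of location reports into an inside/outside decision."""
from dataclasses import dataclass
from math import hypot

# Assumed weighting factors (constructed values): a higher weight means a
# more accurate source. Transaction data is weighted well below cellular.
WEIGHTS = {
    "gps": 1.0,
    "cellular": 0.7,
    "local_transaction": 0.5,
    "external_transaction": 0.2,
}


@dataclass(frozen=True)
class Report:
    source: str    # key into WEIGHTS
    x: float       # metres east of the site centre
    y: float       # metres north of the site centre
    radius: float  # uncertainty radius of this report, in metres


def overlaps(a: Report, b: Report) -> bool:
    """Two reports are consistent if their uncertainty circles intersect."""
    return hypot(a.x - b.x, a.y - b.y) <= a.radius + b.radius


def vote(r: Report, local_radius: float) -> int:
    """+1 if wholly inside the local area, -1 if wholly outside, 0 if straddling."""
    distance = hypot(r.x, r.y)
    if distance + r.radius <= local_radius:
        return 1
    if distance - r.radius > local_radius:
        return -1
    return 0


def fuse(reports, local_radius):
    """Return (in_local_area, alarm).

    in_local_area is True or False, or None when no source gives a usable
    answer. alarm is True when two reports cannot both be right, such as a
    phone placed on site while a card transaction occurs far away.
    """
    alarm = any(
        not overlaps(a, b)
        for i, a in enumerate(reports)
        for b in reports[i + 1:]
    )
    # Sources missing from WEIGHTS carry no weight in the decision.
    score = sum(WEIGHTS.get(r.source, 0.0) * vote(r, local_radius) for r in reports)
    if score > 0:
        return True, alarm
    if score < 0:
        return False, alarm
    return None, alarm


if __name__ == "__main__":
    # Constructed sample: GPS places the user on site, a card transaction 20 km away.
    sample = [Report("gps", 50, 0, 10), Report("external_transaction", 20000, 0, 500)]
    print(fuse(sample, local_radius=300))
```

The less accurate source is outvoted rather than discarded, so the conflict still surfaces as an alarm even though the inside/outside decision follows the higher-weighted report.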
The muster determination at block 408 is slightly more complicated when multiple muster lists are included. If the user is requesting access to the restricted area 202, then the access system 104 consults the muster list 103. If the user is requesting access to the restricted area 204, then the access system 104 consults the muster list 105. This is true for both controllable barriers 102 and 208.
If the token is not valid such that the “user” is not authorized as determined at block 404, then operation proceeds instead to block 412 and entry is denied and operation is completed. Otherwise, if the “authorized” user is not located in the local area 206 as determined at block 406, then operation proceeds instead to block 412 from block 406 and entry is denied and operation is completed. In this case, it is deemed that another person, possibly an unauthorized person, is improperly attempting access using a valid token since the authorized user is not located near the restricted areas 202 or 204. Otherwise, if the token is valid and the authorized user is in the local area 206 and the authorized user is already on the muster 106 (either muster list 103 or 105) as determined at block 408, then operation proceeds instead to block 412 from block 408 and entry is denied and operation is completed. In this case, pass-back is potentially defeated since the authorized user has already used the same token to grant entry to the restricted area 202 or 204.
If entry is granted at block 410, operation proceeds to block 414 in which the muster 106 is updated by the user location information system 108 to add the authorized user. If multiple lists are included within the muster 106 (e.g., 103 and 105), then only the appropriate list is updated. In one embodiment, the access decision is forwarded by the access system 104 to the user location information system 108. Operation then proceeds to block 416 in which it is queried (e.g., continuously, periodically, etc.) whether the authorized user remains within the local area 206. As long as the authorized user remains in the local area 206, operation remains or loops at block 416 and the location of the authorized user is tracked. If the authorized user travels outside the local area 206 as determined by the user location information system 108, then operation proceeds to block 418 in which the muster 106 is updated by removing the authorized user from the muster 106. Operation then proceeds to block 420 in which location tracking of the authorized user is terminated and operation is completed. As previously noted, it is only desired to determine whether the authorized user is within or near the restricted areas 202 or 204 for purposes of maintaining an accurate muster 106 and defeating pass-back. Depending upon the particular configuration, the external tracking systems 112 may continue to track user location. In one embodiment, the user location information system 108 requests location information only when entry is requested and only until it is determined that the authorized user has left the local area 206.
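The entry flow of blocks 404 through 420, with one muster list per restricted area, is illustrated below as an added Python example that is not code from the patent. The class and method names, the token value, and the choice to treat an unknown location (`None`) as "not in the local area" are assumptions.

```python
"""Entry decision and muster maintenance following blocks 404-420."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class AccessSystem:
    valid_tokens: Dict[str, str]                      # token -> user id (local token cache)
    musters: Dict[int, Set[str]] = field(default_factory=dict)  # area -> users inside
    tracked: Set[str] = field(default_factory=set)    # users whose location is polled

    def request_entry(self, token: str, area: int,
                      in_local_area: Optional[bool]) -> Tuple[bool, str]:
        """Decide one entry request for `area` (e.g. 202 or 204)."""
        user = self.valid_tokens.get(token)
        if user is None:                              # block 404 -> 412
            return False, "invalid token"
        # Assumption: an unknown location fails closed, like "not nearby".
        if in_local_area is not True:                 # block 406 -> 412
            return False, "user not in local area"
        muster = self.musters.setdefault(area, set())
        if user in muster:                            # block 408 -> 412 (pass-back)
            return False, "already on muster"
        muster.add(user)                              # blocks 410 and 414
        self.tracked.add(user)                        # block 416: start tracking
        return True, "granted"

    def location_update(self, user: str, in_local_area: bool) -> None:
        """Apply one location poll for a tracked user (the block 416 loop)."""
        if user not in self.tracked or in_local_area:
            return
        for muster in self.musters.values():          # block 418: remove from muster
            muster.discard(user)
        self.tracked.discard(user)                    # block 420: stop tracking


if __name__ == "__main__":
    # Constructed sample: one user, token "T-1001", two restricted areas.
    acs = AccessSystem(valid_tokens={"T-1001": "alice"})
    print(acs.request_entry("T-1001", 202, True))     # first entry
    print(acs.request_entry("T-1001", 202, True))     # same token again: pass-back
    acs.location_update("alice", False)               # alice leaves the local area
    print(acs.request_entry("T-1001", 202, True))     # later re-entry
```

Because removal from the muster is driven only by leaving the local area 206, a user who steps outside the door but stays inside the buffer zone is still on the muster, and a second presentation of the token is refused until a location update places the user outside.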
In certain configurations, the access system 104 controls any one or more of various utilities associated with the restricted areas 202 and 204 via the utility control system 110 based on the location information and/or the muster 106. The utilities include any one or more of the utilities or components associated with a work facility or the like, such as lighting, air-conditioning (AC), telephone services, billing services, wireless networks, computer systems, etc. For example, if it is determined that an authorized user has left the restricted area 202, utilities or the AC may be turned down or shut off in that area, the user's phone may be forwarded (e.g., to cell phone), a wireless network may be reduced or turned off, selected lights may be turned off, etc.
A method of controlling access to a restricted area according to one embodiment of the present invention includes receiving location information from at least one supplemental tracking source which tracks location of an authorized user and controlling access by the authorized user to a restricted area based on the location information.
The method may include receiving a token to request entry into the restricted area and making an access decision. Making an access decision may include denying access if the received token is not valid or if the authorized user corresponding to the received token is not located near the restricted area, and granting access if the received token is valid and if the authorized user is located near the restricted area. The method may further include denying access if the authorized user is already on a muster and granting access if the authorized user is not on the muster. The method may further include adding the authorized user to a muster if the access is granted and removing the authorized user from the muster if the authorized user leaves the restricted area as indicated by the location information.
The method may include receiving location information based on cellular phone information, based on global positioning system information, based on transaction information associated with the authorized user, etc., or any combination thereof. The method may include receiving location information from at least one tracking system internal or external to the restricted area or any combination thereof. The method may include controlling at least one utility based on the location information and the muster. The method may include combining location information from multiple tracking sources using corresponding weighting factors.
A physical access control system for controlling access to a restricted area according to one embodiment includes a user location information system which receives location information indicating location of an authorized user from at least one supplemental tracking source, and an access system which controls access to the restricted area based on the location information.
In one embodiment of the physical access control system, the access system receives a token, denies access if the token is invalid or if the authorized user is not within a local area surrounding the restricted area, and grants access if the token is valid and if the authorized user is within the local area. The access system may further deny access if the authorized user is already on a muster and grant access if the authorized user is not on the muster. The user location information system may further add the authorized user to the muster if access is granted and remove the authorized user from the muster if the authorized user leaves the local area.
In various embodiments, the user location information system receives cellular phone information, global positioning system information, transaction information associated with the authorized user, etc., or any combination thereof. The user location information system may combine location information from multiple tracking sources using corresponding weighting factors. The physical access control system may include at least one tracking system either external or local to the restricted area or any combination thereof. The physical access control system may further include a utility control system which controls at least one utility based on the location information.
Although the present invention has been described in considerable detail with reference to certain preferred versions thereof, other versions and variations are possible and contemplated. Those skilled in the art should appreciate that they can readily use the disclosed conception and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the present invention without departing from the spirit and scope of the invention as defined by the following claims.