Patent Application
20220092900
Access control devices (e.g., access control readers, door locks, etc.) can be used to control various types of protected environments. For example, access control readers can be used to regulate the entry into and movement within a building (e.g., a commercial building). Depending on the needs of the protected environment, multiple access control devices may be used within a single protected environment. For example, there may be one access control reader on an entry side of an exterior door (e.g., placed outside the building), another access control reader on an exit side of the exterior door (e.g., placed inside the building), and a further access control reader or door lock on a nearby interior door (e.g., to a room inside the building). In certain instances, the access control devices may be within a few feet or even a few inches from one another. For example, the access control readers on either side of the exterior door may only be separated by the thickness of the wall.
Regardless of where the access control devices are placed, to access the protected environment, authorized access credentials must be presented (e.g., to the access control device). Conventionally, credentials have been presented to the access control devices using an RFID card, a FOB, a card with a magnetic stripe, and/or a mobile device. Mobile devices are becoming increasingly popular due, at least in part, to their ability of providing contactless access. Contactless access works by sending a signal (e.g., using Bluetooth, etc.) from the mobile device to the access control devices without requiring the physical interaction with the access control device. However, when multiple access control devices are within a relatively small area, more than one access control device may receive the signal, which may cause the wrong access control device to generate the unlocking signal. This may result in either the wrong door being unlocked (e.g., which could allow someone other than the person presenting the access credentials to access a protected environment), or wrong auditing information being generated. In either case, unnecessary confusion may be caused for the user (e.g., of the mobile device) and/or the security system (e.g., which relies on correct auditing information).
Accordingly, there remains a need for an access control system that is capable of preventing, or at least mitigating, the wrong access control device from generating the unlocking signal.
According to one embodiment, an access control system including a first access control device and a second access control device is provided. Each access control device configured to receive a signal from a user device. The signal having a first signal strength at the first access control device and a second signal strength at the second access control device. The first signal strength being transmitted from the first access control device to the second access control device and the second signal strength being transmitted from the second access control device to the first access control device. Each of the first access control device and the second access control device respectively including a processor configured to compare the first signal strength and the second signal strength to determine whether the first access control device or the second access control device is closest to the user device.
In accordance with additional or alternative embodiments, the signal includes an access credential.
In accordance with additional or alternative embodiments, the processor of the access control device closest to the user device is configured to determine whether the access credential is authorized, the processor configured to generate an unlocking signal when the access credential is authorized.
In accordance with additional or alternative embodiments, the access control system further includes at least one lock actuator communicatively connected with at least one of the first access control device and the second access control device, the lock actuator configured to unlock a mechanical or electronic lock when receiving the unlocking signal.
In accordance with additional or alternative embodiments, the first access control device and the second access control device are communicatively connected to a shared lock actuator, the unlocking signal being transmitted from the access control device closest to the user device.
In accordance with additional or alternative embodiments, the first access control device is communicatively connected to a first lock actuator, and the second access control device is communicatively connected to a second lock actuator, the unlocking signal being transmitted to the lock actuator communicatively connected with the access control device closest to the user device.
In accordance with additional or alternative embodiments, the access control system further includes a database, at least one of the first access control device, the second access control device, and the user device in communication with the database.
In accordance with additional or alternative embodiments, at least one of the first access control device, the second access control device, and the user device are configured to transmit a log entry to the database.
In accordance with additional or alternative embodiments, the user device includes at least one of an RFID card, a FOB, a wearable device, and a mobile device.
In accordance with additional or alternative embodiments, at least one of the first access control device and the second access control device are powered by a wired connection, and the user device is battery powered.
According to another aspect of the disclosure, a method for operating an access control system including a first access control device and a second access control device is provided. The method includes a step for receiving a signal from a user device at both the first access control device and the second access control device, the signal having a first signal strength at the first access control device and a second signal strength at the second access control device. The method includes a step for transmitting at least one of the first signal strength from the first access control device to the second access control device, and the second signal strength from the second access control device to the first access control device. The method includes a step for comparing, in at least one of the first access control device and the second access control device, the first signal strength with the second signal strength to determine whether the first access control device or the second access control device is closest to the user device.
In accordance with additional or alternative embodiments, the signal includes an access credential.
In accordance with additional or alternative embodiments, the method further includes a step for processing, in the access control device closest to the user device, the access credential to determine whether the access credential is authorized.
In accordance with additional or alternative embodiments, the first access control device and the second access control device are in communication with a lock actuator.
In accordance with additional or alternative embodiments, the method further includes a step for transmitting an unlocking signal, from the access control device closest to the user device, to the lock actuator, the lock actuator configured to unlock a mechanical or electronic lock when receiving the unlocking signal.
In accordance with additional or alternative embodiments, at least one of the first access control device, the second access control device, and the user device are in communication with a database.
In accordance with additional or alternative embodiments, the method further includes a step for transmitting a log entry to the database from at least one of the first access control device, the second access control device, and the user device.
In accordance with additional or alternative embodiments, the user device includes at least one of an RFID card, a FOB, a wearable device, and a mobile device.
In accordance with additional or alternative embodiments, at least one of the first access control device and the second access control device are powered by a wired connection, and the user device is battery powered.
In accordance with additional or alternative embodiments, the transmitting of at least one of the first signal strength and the second signal strength is completed using a short-range communication, the short-range communication comprising at least one of Bluetooth, Bluetooth Low Energy (BTLE), Zigbee, infrared, ultra-wide band (UWB), and Wi-Fi.
The subject matter, which is regarded as the disclosure, is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The following descriptions of the drawings should not be considered limiting in any way. With reference to the accompanying drawings, like elements are numbered alike:
Access control devices (e.g., including, but not limited to, access control readers, door locks, etc.) may grant or deny access to a particular environment (e.g., different areas of a commercial building) based on whether or not authorized credentials are received. The credentials are typically transmitted with a separate item (e.g., an RFID card, a FOB, a card with a magnetic stripe, and/or a mobile device). Depending on the capabilities of the separate item (e.g., whether the separate item can transmit a signal) the separate item may have to physically contact the access control device to transmit the access credentials. However, with contactless access being the more preferred means of presenting credentials, it is preferable if the separate item is capable of transmitting a signal to the access control device. It should be appreciated that user device described herein may be any device capable of transmitting a signal to an access control device. For example, the user device may be an RFID card, a FOB, a wearable device (e.g., a smartwatch, band, etc.), or a mobile device (e.g., such as a mobile phone or tablet). As described below, this user device may transmit a signal to multiple access control devices, which may communicate with one another (e.g., using a short-range communication such as Bluetooth, Bluetooth Low Energy (BTLE), Zigbee, infrared, ultra-wide band (UWB), and Wi-Fi or over a wired communication such as UART, Serial, Fiber-optic, SPI or Ethernet cable) to determine which access control device is closest to the user device.
This internal determination (e.g., done locally in the access control device(s), instead of at a remote server/database or controller) may ensure that the right access control device (e.g., the closest to the user device) completes the processing of the access credentials (e.g., generating an unlocking if the access credentials are authorized). By completing the determination and processing locally in the access control device(s), instead of at a remote server or controller, the delay in granting access may be minimized. This may be especially true when the network (of which the remote sever(s) and controller(s) are dependent upon, the sever(s) and/or the controller(s) being where the determination of closest access control device is often completed) has a slow connection or has a long latency. In addition, with the correct access control device completing the processing, the auditing information (e.g., which may indicate, among other things, when a certain user entered or exited at a certain entry/exit point) will be correct, which may help reduce confusion within the access control system.
It should be appreciated that each access control device may be connected to a controller, and each controller may be connected to a network (e.g., using a gateway, such as a router). The network may contain one or more databases maintained at a central server (e.g., which may be either on-site and/or cloud-based) and relevant parts (e.g., the updated list of authorized access credentials) of the databases may be downloaded to individual controllers. The controllers may communicate the authorized access credentials and any associated limitations or expirations of the authorized access credentials to the access control devices for storage and later processing (e.g., by a processor in the access control device). In certain instances, individual access control devices may be connected directly to the network (e.g., without using a controller), and/or may receive authorized access credentials and any associated limitations or expirations of the authorized access credentials from an external device (e.g., a user device, such as a mobile device, computing device, mobile tablet, etc.).
With reference now to the Figures, various schematic illustrations of an access control system 100 are shown in
The signal 131 from the user device 130 may have a different signal strength at the first access control device 110 than the second access control device 120. This difference is signal strength may be due, at least in part, the difference in distance from the user device 130. For example, as shown in
The first access control device 110 and the second access control device 120 may be configured to transmit their respective signal strengths to one another. For example, the first signal strength may be transmitted from the first access control device 110 to the second access control device 120, and the second signal strength may be transmitted from the second access control device 120 to the first access control device 110. It should be appreciated that first signal strength and the second signal strength may be transmitted wirelessly (e.g., using a short-range communication such as Bluetooth, Bluetooth Low Energy (BTLE), Zigbee, infrared, ultra-wide band (UWB), and Wi-Fi) or over a wired communication (e.g. UART, Serial, Fiber-optic, SPI or Ethernet cable). The first access control device 110 and the second access control device 120 may compare, in a processor 111, 121, the first signal strength with the second signal strength to determine whether the first access control device 110 or the second access control device 120 is closest to the user device 130. For example, the processor 111, 121 may determine that the access control device 110, 120 with the highest intensity signal strength is the closest to the user device 130. Each respective processor 111, 121 may be, but is not limited to, a single-processor or multi-processor system of any of a wide array of possible architectures, including field programmable gate array (FPGA), a central processing unit (CPU), application specific integrated circuits (ASIC), digital signal processor (DSP) or graphics processing unit (GPU) hardware arranged homogenously or heterogeneously.
Although
The signal 131 from the user device 130 may include an access credential. In certain instances, the access credential is processed locally in one of the access control devices 110, 120 (e.g., not processed by a controller). For example, the access credential may be processed in the closest access control device to the user device 130, which, as depicted in
The processor 111, 121 that completes the determination of whether the access credential is authorized may generate an unlocking signal when the access credential is authorized (e.g., matches a stored authorized access credential). This unlocking signal may be transmitted wirelessly (e.g., using a short-range communication such as Bluetooth, Bluetooth Low Energy (BTLE), Zigbee, infrared, ultra-wide band (UWB), and Wi-Fi) or over a wired communication (e.g. UART, Serial, Fiber-optic, SPI or Ethernet cable) to the lock actuator 311, 321 associated with the particular access control device 110, 120. This lock actuator 311, 321 may be configured to unlock a mechanical or electronic lock when receiving the unlocking signal. To ensure that the unlocking signal is transmitted to the correct lock actuator 311, 321 (e.g., associated with a particular access control device 110, 120), each lock actuator 311, 321 may be linked with an access control device 110, 120. For example, the lock actuators 311, 321 and the access control devices 110, 120 each may be given unique device identifiers (e.g., to enable the lock actuators 311, 321 and the access control devices 110, 120 to know and trust one another).
Each unique device identifier may consist of a unique numeric or alphanumeric code, and may be stored in the database 141 or the storage medium of the access control device 110, 120 (e.g., the database 141 or access control device 110, 120 may store which particular unique device identifier, associated with a particular lock actuator 311, 321, is linked with which other particular unique device identifier, associated with a particular access control device 110, 120). It is envisioned that at least a portion of a unique device identifier may be transmitted with the unlocking signal (e.g., the lock actuator 311, 321 may receive a portion of its own unique device identifier or a portion of a unique device identifier of a particular access control device 110, 120 when receiving an unlocking signal). It should be appreciated that at least portion of a unique device identifier may be transmitted between the access control devices 110, 120 when communicating (e.g., when transmitting their associated signal strengths). For example, the first access control device 110 may transmit at least a portion of its own unique device identifier or at least a portion of the second access control devices 120 unique device identifier to the second access control device 120 when transmitting the first signal strength.
To ensure that the correct auditing information (made of multiple log entries) is generated and the correct lock actuator 311, 321 receives the unlocking signal, the unlocking signal may only be transmitted from the access control device 110, 120 closest to the user device 130. As shown in
It is envisioned that at least one of the first access control device 110 and the second access control device 120 may be powered by a wired connection, and the user device 130 may be battery powered. Due to the way in which the above-described access control system 100 functions (e.g., completing the determination of closest access control device 110, 120 locally, in the access control devices 110, 120), the load on the battery of the user device 130 may be minimal. For example, instead of consuming potentially large amounts of power by completing the processing in the user device 130, the access control system 100 described herein may only use the user device 130 as a beacon (e.g., a signal 131 generator). As such, the user device 130 can be virtually any low power device (e.g., any device capable of transmitting a signal 131 to the access control devices 110, 120). For example, the user device 130 may be an RFID card, a FOB, a wearable device (e.g., a smartwatch, band, etc.), or a mobile device (e.g., such as a mobile phone or tablet).
Although described above to be useful in a commercial building, it is envisioned that the access control system 100 described herein may be useful in a variety of different settings. For example, the access control system 100 may be useful in any type of environment where multiple access control devices 110, 120 are within a relatively small area. As described above, the configuration and operation of the access control system 100 makes it possible to prevent, or at least mitigate, the wrong access control device 110, 120 from generating the unlocking signal, which may cause confusion to the user (e.g., of the user device 130) and/or the security system (e.g., which relies on correct auditing information).
An exemplary method 800 of operating an access control system 100 is illustrated in
The use of the terms “a” and “and” and “the” and similar referents, in the context of describing the invention, are to be construed to cover both the singular and the plural, unless otherwise indicated herein or cleared contradicted by context. The use of any and all example, or exemplary language (e.g., “such as”, “e.g.”, “for example”, etc.) provided herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention unless otherwise claimed. No language in the specification should be construed as indicating any non-claimed elements as essential to the practice of the invention.
While the present disclosure has been described with reference to an exemplary embodiment or embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the present disclosure. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present disclosure without departing from the essential scope thereof. Therefore, it is intended that the present disclosure not be limited to the particular embodiment disclosed as the best mode contemplated for carrying out this present disclosure, but that the present disclosure will include all embodiments falling within the scope of the claims.
The application claims the benefit of U.S. Provisional Application No. 62/706,925 filed Sep. 18, 2020, the contents of which are hereby incorporated in their entirety.
| Number | Date | Country | |
|---|---|---|---|
| 62706925 | Sep 2020 | US |
