This invention relates to access control in buildings and other premises.
Access control badges are commonly issued by companies, building management and other organizations to control access to their facilities to authorized individuals. Typically, identification (ID) badges are worn or carried by users to access buildings as well as internal areas within a building. Such badges commonly include one or more mechanisms that are read by card readers or the like to allow access to the user carrying the badge. Additionally, such badges often have the user's name and the user's picture printed on the badge. The badge may also have some printed identifier of the issuer of the badge, as well as other printed information.
According to an aspect a method of managing a badge having at least one display device on the badge includes receiving by a computer a message that identifies a user to which the badge is assigned, receiving by the computer geographic location information that indicates a current location of the badge, accessing by the computer a database that stores information associated with the user, determining by the computer based on the accessed information and the current location of the badge the specific information to display on the display device, and forwarding by the computer the determined information over a network to a communication node for delivery to the badge.
Other aspects include systems and computer program products.
The following are some features of embodiments within the scope of the above aspect.
The method further includes establishing by a processor device on the badge, a communication channel with the computer that accesses a database that stores information associated with the user and the badge. The method further includes accessing by the computer a rule set that is based on the physical location of the badge at the time that the message is received. The method further includes establishing a communication channel with a computer that accesses a database that stores information associated with the user and the badge. The method further includes detecting by the computer establishment of a communication channel by circuitry on the badge and determining by the computer whether an update to the badge is required by executing one or more rules. Determining whether an update is required further includes accessing by the computer a record that associated with the badge, reading by the computer whether the record contains an acknowledgement message of a previous update being applied by the badge, and determining whether there is a new update for the badge that is later than a timestamp associated with the acknowledgement message. The method further includes sending by the computer the new update when the acknowledgement message has a timestamp later than a timestamp of the new update.
The method further includes producing by the computer an update package for the badge. Producing by the computer an update package, further includes receiving by the computer from NFC tags on the badge encoded information including the badge ID, determining by the computer the source address of an access point that read teh encoded information, determining by the computer, whether the access point is within a company's network, and applying by the computer a set of rules according to whether the access point is within or outside of the company network. The rules are a first set of on-company premises rules that includes a company events rule that when executed determines whether the badge ID is authorized to be at a specified event, by the server, accessing a list of attendees; and determining whether the badge ID is an authorized ID for the event; and sending an update to the badge, where the update is selected according to the execution of the company events rule. The rules are a first set of off-company premises rules that includes an employee termination rule that when executed determines whether the badge ID is a terminated badge, receiving from any access point that is connected with the badge from the NFC tag the encoded badge ID, accessing by the computer a list of terminated employees by badge ID, and update package ID when the identification of the badge is on the list. The update includes instructions that when executed by the badge, automatically wiped off all data from the display and disables a processor in the badge from receiving any further updates, by at least deleting a URL reference stored in the badge.
According to an additional aspect, a method of operating a badge having at least one electronic ink display device supported by the badge includes sending by a processor carried by the badge information securely held in the badge, which uniquely identifies a user to which the badge is assigned, receiving by the processor from a communication node a message having specific information for display by the display device, and causing the display device to display information according to the specific information in the received message.
The following are some features of embodiments within the scope of the above aspect.
Establishing by the processor device on the badge, a communication channel with a computer that accesses a database that stores information associated with the user and the badge.
One or more of the above aspects may provide one or more of the following advantages.
The disclosed techniques replace the current static ID badges with an enhanced ID badge that dynamically display names, graphics, event and dynamic specific information based on badge location. These “dynamic badges” interface with a server system. The dynamic badges can be used for access control and can also be utilized in hospitals by patients and personnel, in residential apartment or condominium settings, and in offices by office personnel and visitors. In addition, the dynamic functionality can be used to display employee names and departments for internal meetings, allowing personnel to easily identify each other for networking and communication purposes. In addition, the enhanced ID badge can be used in conjunction with the server system to significantly improve security measures to prevent data breaches, identity theft, and unauthorized access within an organizations premises.
Various dynamic badge use cases that involve specific server-side rule execution are provided. These use cases cause modifications to the dynamic badge providing additional capabilities to the badge, unlike conventional ID badges with fixed printed matter that employees, etc., commonly wear to access buildings, etc. The dynamic badges dynamically display names, and graphics, as well as event and dynamic-specific information. Thus, these dynamic badges can be used for much more than just access points, but also to display employee names and departments for internal meetings to reduce paper waste, can serve as name tags, etc. In addition, the dynamic badge could significantly improve controls for meetings were only certain people are authorized or invited to attend.
Badges are provided with electrophoretic displays and thus can have custom backgrounds that can display a variety messages, whether for internal meetings on company premises or meetings outside of company property. For a meeting, rather than printing many name tags for such meetings, the badges convert to a name tag and would display information appropriate for the meeting and could dynamically display event-specific images.
The dynamic badge can automatically be wiped clean if a person is terminated from employment or no longer permitted to access a building. The badge could be configured to automatically appear blank with no identifying information whatsoever once the employee is outside of a range of company property (in order to prevent improper use of the badge if lost or stolen, by using a lost badge to gain access by an unauthorized person). When back in range, the badge can be wirelessly reconfigured with appropriate information. Badges can be of different types for security level purposes and wearer status, e.g., contractor vs full time employee. Other advantages are disclosed herein.
The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
Referring now to
In
Referring now to
The server computer executes a setup process 31a (
Referring now to
The display 50 is an electrophoretic ink based display. While both segmented and matrix types of displays can be used depending on the degree of versatility in features required by the dynamic badges 12, in general active matrix type displays offer far more versatility. As an example, the display 50 is an electrophoretic ink based display that can be obtained from E Ink Corporation, as well as other sources. Exemplary displays include E-Ink Carta a monochromatic active matrix display with integrated drive electronics. Another example is E-Ink Spectra a color active matrix display with integrated drive electronics. Still another is E-ink Triton another active matrix display. E Ink Surf is an exemplary segmented display. Segmented displays may be used in badges that display very limited dynamic information, such as a security level or whether a person can access a facility or area within a facility.
As discussed herein the displays will be assumed to be active matrix unless otherwise specified. Typically, such displays 50 have display cells (pixels) and drive electronic circuity to drive the cells. Generally, display modules include the drive circuits 48 for the display 50. The drive circuity is typically TFT (thin film transistor) circuity to control individual pixels. Other active matrix display techniques can be used.
The communication device 44 can be any sort of device, e.g., a chip or a strip, that can be detected by a Near Field Communication (NFC) based device. NFC is a technology that enables devices to establish radio communication with each other by touching devices together or bringing devices into close proximity of typically 20 cm (7.8 in) or less. NFC peers can connect to a third party NFC device that acts as a server for any action (or reconfiguration). NFC employs electromagnetic induction between two loop antennae to exchange information, e.g., between the NFC reader and the NFC chip or strip. NFC devices can work in three modes NFC Card Emulation, NFC
Reader/Writer, and NFC peer-to-peer (P2P) modes. In the NFC Reader/Writer, and NFC peer-to-peer (P2P) modes the NFC device generates its own R.F. field, and would be well-suited to the dynamic badge application.
In the NFC Card emulation mode, this mode enables NFC-enabled devices such as smartphones to act like smart cards, allowing users to perform transactions. In this mode, an NFC device does not generate its own R.F. field. Rather, a NFC reader generates the field. NFC Reader/writer mode enables NFC-enabled devices to read information stored on inexpensive NFC tags embedded in labels or smart posters. NFC peer-to-peer mode enables two NFC-enabled devices to communicate with each other to exchange information in an ad hoc fashion. While all three modes may be used (for at least some of the features of the dynamic badge) it appears that the NFC peer-to-peer mode may be more suitable.
NFC tags are read only (but may be in some instances re-writable) contain data (currently between 96 and 4,096 bytes of data can be stored on an NFC tag). The NFC tags are encoded according to the badge owner's specification to include at least two piece of information, a user or more likely the dynamic badge identification (ID) that is subsequently associated with a specific user, and a uniform resource locator or (URL) that is a reference to a resource that specifies the location of the resource on a computer network and a mechanism for retrieving the resource that in the example is an application on the server computer 14.
The battery 49 can be of any electro-chemical cell type provided that the battery can satisfy the power and voltage requirements of the circuitry 40. For example, many instances of the electrophoretic ink based displays require drive voltages of 15 Volts, whereas the voltage requirements of the other circuity 40 may be much less, e.g., 3.3 Volts or less. Thus in some applications, voltage step up is required for the display 50, which can be accomplished in various ways such as through use of a step-up DC-DC converter 51. Alternatively, a cell chemistry or battery configuration that produces the requisite voltage could be used. In other implementations another type of interface device, i.e., a P2P device could be used such as a Blue Tooth transceiver 46. A Blue Tooth transceiver would need to perform a pairing operation with a nearby Blue Tooth transceiver.
The microcontroller 42 is programmed or pre-configured with a limited instruction set that allows the microcontroller 42 to login on to a specific site and request an update. A query for an update is sent through a webserver (not shown) to application server 14, where an application on the server 14 can access data and/or update packages from the database 30. In general, update packages are time stamped, with the time that the package was produced and either stored with the package or associated with the package can be confirmations indicating that the specific update package was received by the specific one of the dynamic badge generally badges 12. Based on the state of the person in the database 30, the location, status, time, date, an event, etc. an update package is produced/retrieved and is sent back to the badge 12a, via the NFC reader, and the display 50 on the badge 12a is updated, e.g., wiped clean or has a message put on it according to the update package.
Referring now to
The dynamic badge 12a has an aperture 62 through which a fastener (not shown) is disposed. Common fasteners include those having a loop (not shown) of plastic with male/female snaps (not shown) at either end of the loop, with one end of the loop affixed to a clip (not shown). The loop is placed through the aperture 62 and the snaps are joined. The clip is typically a pivot-able about the affixed end of loop and the clip typically opens and closes such that it can be attached to an article of clothing.
Referring now to
Referring now to
The profile will have fields for at least the following:
As part of a setup process, an initial package is produced. This initial package includes data (in a format in a compressed format such as JPEG, TIFF, or other well-known format or in a format required by the display to minimize processing by the microcontroller) that can render on the display, information required by the organization. Depending on the capabilities of the display device, this information can include a user's picture, a user's name, a user's department, and user's security level (if required). Other information can be displayed. In some implementations where the display is of very limited capability, the display may only display text information, e.g., user's name, and various messages, but not a user's picture. The badge is associated 74 with the user's profile by applying the badge ID to the user's profile. The badge is updated 76 with the initial package by being in contact with or close proximity to a NFC reader. As part of the initial setup, the badge can be programed with the URL, but in some implementations, the server URL can be pre-programmed into the microcontroller. In any event the microcontroller includes at a minimum instructions for connecting to the specified URL and instructions for downloading an update package from a website according to the URL. The microcontroller also includes instructions that decompress the file according to the format to produce data to drive the display drivers in the display as in the above E-Ink displays.
Referring now to
The update package includes one or more messages that are rendered on the display 50. What data that is displayed is a function of several variables, including time of day, location and event, as will be discussed below.
Referring now to
Referring now to
The updating packaging module on server 14 accesses 92 data from the database storage (or receives data from other server computers coupled to other databases such as a security database, personal database, etc.). For each registered dynamic badge 12, the updating packaging module produces 94 an update package for the dynamic badge according to various criteria including current badge location, current date, current time and events associated with the assigned user of the dynamic badge. In some implementations GPS (global position system) data can be loaded into the microcontroller via the access point as well as the time of contact with the access point by the dynamic badge 12a.
The updating packaging module receives 96 from the NFC tags encoded information including the user or badge ID, which corresponds to a trigger message from the badge 12a to the server 14 indicating an updating request. This “trigger message” is generated each time the NFC tag on the badge 12a is read by an access point on a network. The request to connect to the web server includes the source IP address of the access point. The trigger message is sent to the server and invokes the updating packaging module. The updating package module reads the dynamic badge ID determines 98 the source address of the access point and retrieves other information including time, date, GPS location, and events.
If the access point is within a company's network (or IP address range), a first set of rules (e.g., an on-company premises rules set) is retrieved 102, whereas if the access point is outside of a company's network a second set of rules (an off-company premises rules set) is retrieved 104. These rule sets and the specific rules within each rule set are defined typically by a company. While the rules sets generally will be different, there can be overlap in certain rules within the first and second set of rules.
For the first set of rules, the server accesses the on-company premises rules set, and determines based on the specific location, access point, time, and date, an update package. In this embodiment, the server accesses five different rules and at any point can stop processing further rules, based on one of the rules being satisfied and the appropriate update package being sent. The update process will process subsequent badge ID for other users.
Company Events Rule
A first rule can be a company events rule. For processing of the company events rule, the rule can be triggered by one or more predefined access points at specific times/dates receiving from the NFC tag the encoded badge ID. When this rule is triggered, the server retrieves a company event rule that can have the following form:
For this rule, the server accesses the list of attendees. If the server determines that the badge ID is an authorized ID, the server retrieves an update package that has data appropriate for the event. For example, the package can include the person's name and department/business unit associated with the badge ID. In addition, the badges could dynamically display event-specific images in addition to or in lieu of a company logo. When the server receives the badge ID message from a particular one or more of the access points, indicating that the badge is close to the meeting location, the updating package is sent to the dynamic badge 12a.
However, for this rule if the server determines that the badge ID is not an authorized ID based on the list of attendees, the server retrieves a different update package that has different data appropriate for the user not being part of the event, such as a friendly message indicating that the person is not authorized for the event.
Employee Termination Rule
A second rule can be an employee termination rule. For processing of the employee termination rule, the rule can be triggered by any access point at any time/date receiving from the NFC tag the encoded badge ID. When this rule is triggered, the server retrieves employee termination rule that can have the following form:
Rule name <employee termination rule>;
Terminated employee<reference to a list of terminated employees by badge ID>update package ID<reference to an update package>
In this situation the update package can simple automatically wiped off all data from the display and disable the processor from receiving any further updates from the server 14, such as by deleting URL and otherwise disabling the badge, etc. As the badge includes the NFC chip or strip, the NFC reader may still make a connection with the badge once wiped clean, however by deleting the URL, etc. no further update requests can be made and thus the badge will remain blank.
Thus, when a terminated employee walks by or stands in an area with an active NFC reader (or a Wi Fi), the NFC reader performs a handshake with the badge, the reader through an access point connects to the server, and the server sends the update package that automatically wipes off all data from the display and can delete the URL or otherwise disables the processor. The terminated employee need not be on company premises for this rule to be executed.
Employee Offsite Rule
A third rule can be an employee off premises rule. For processing of the employee off premises rule, the rule can be triggered by access points at the perimeter of a company facility, at any time/date receiving from the NFC tag the encoded badge ID. When this rule is triggered, the server retrieves employee off premises rule that can have the following form:
In this situation the update package automatically wipes off all data from the display, as in the employee termination rule, but without disabling the processor from receiving any further updates from the server 14. Thus, by leaving the URL, etc. active on the badge, as the NFC chip or strip on the badge come into proximity with an NFC reader, the chip/strip can make a connection with the badge and the microcontroller can access the resource specified by the URL, at the server 14, etc. to provide new update requests and receive new update packages that render badge information on the monitor 50.
Thus, the dynamic badge 12a is configured to automatically appear blank with no identifying information whatsoever once the employee is outside of a range of a company's property. This range would be determined by user preferences and by capabilities of the access points used in communicating with the dynamic badge 12a. Therefore, when commuting to/from work, the badge would not be visible to others and would only wirelessly “activate” near an NFC reader at specific on company premises access points.
Security Level Access Rule
In many companies, hospitals, and other settings such as government facilities there is a need to have different types of badges for different security level access, for distinguishing between contractor vs employees, full time employees, vs. part time, etc. Often these different levels are fixed for a specific duration and then expire.
A fourth rule can be a security level access rule. For processing of the security level access rule, the rule can be triggered by any access points at the perimeter of a company facility or within a company facility, at any time/date receiving from the NFC tag the encoded badge ID. When this rule is triggered, the server retrieves the security level access rule that can have the following form:
In this situation, the update package automatically applies a message to the display from the server 14 that indicates a security level. With this rule, badges 12 are provided with instructions that cause the badges to look different for persons according to the person's relationship to the company. For example, different colors can be applied to the dynamic badge 12a to identify access level. With the dynamic badge 12a, those identifiers can allow employees to more easily monitor non-employees and prevent security breaches, etc.
Offsite Event Rule
A group of employees are at a dinner at an external site. The server 14 can allow the employee (through an internal site) to program their badge to display, more limited information (such as only their first name) or this could be controlled by a corporate function.
A fifth rule can be an offsite event rule. For processing of the offsite event rule, the rule can be triggered by any access points outside of a company facility, at any time/date, receiving from the NFC tag the encoded badge ID. When this rule is triggered, the server retrieves the offsite event rule that can have the following form:
In this situation, the update package automatically applies a message to the display from the server 14 that merely displays the wearer's first name (or some other information).
Other rules can be devised. In addition, other information can be displayed such as updating a person's badge with their years of employment, indicating a service anniversary or a congratulatory message, etc.
For a more secure environment, security labels can be displayed in the display 50 on the badge 12a. For example, when a user is in an authorized area part of the display can display a message, e.g., “authorized” (or the like) or the display 50 on the badge 12 can have a specific color, e.g., green (or other color whose convention is understood). However, when an authorized user of a badge 12a is in unauthorized area for that user, an update message can be produced to indicate to others to deny access by displaying on the display a message such as “deny access” and/or by turning the display 50 on the dynamic badge 12a to a different color, e.g., red (or other color whose convention is understood). When a contractor, which has a different badge color, is hired as a permanent employee, rather than issuing a new physical badge, the dynamic badge can be wiped & updated to an employee badge by an appropriate update package. The badges can be used as name tags for easy identification at events and locations. Many other use cases, e.g., rules, can be developed using the above described techniques.
The dynamic badges requires a special computing device that is capable of taking input from an access point on a network. Server computers are computing systems, such as a distributed computing systems. Server computers may be a single server or a group of servers that are at a same location or at different locations and could be cloud-based servers.
Servers receive information from the NFC devices on the dynamic badges, via a suitable interface. Servers also include processor and memory and a bus system (not shown), including, for example, an information bus and a motherboard, can be used to establish and to control information communication between the components of server.
Processors generally are microcontrollers, commonly used in embedded applications that have sufficient processing power for receiving and storing information, and communicating over a network to the server and which can interface with the display driver circuitry. Memory is generally included in the microcontroller and can include random access memory and other types of non-transitory machine-readable storage devices.
Embodiments can be implemented in digital electronic circuitry. Apparatus of the invention can be implemented in a computer program product tangibly embodied or stored in a machine-readable storage devices and/or machine readable media for execution by a programmable processor in the server and/or the microcontroller in the dynamic badge. The computer program product thus includes a program of instructions to perform functions and operations of the invention by operating on input information and generating output and which is stored in tangible, non-transitory media that can be persistent storage or volatile storage.
The invention can be implemented advantageously by one or more computer program products that are stored on computer readable hardware devices and which are executable on a programmable system including at least one programmable processor coupled to receive information and instructions from, and to transmit information and instructions to, an information storage system, at least one input device, and at least one output device.
Each computer program can be implemented in a high-level procedural or object oriented programming language, or in assembly or machine language if desired; and in any case, the language can be a compiled or interpreted language.
A number of embodiments of the invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. In other implementations, the dynamic badge can be used as a hotel key, an apartment key or a locker key. Accordingly, other embodiments are within the scope of the following claims.