Patent Grant
9443362
The present invention relates generally to solutions for handling credential data in an efficient manner, for example in connection with access control. More particularly the invention relates to a reader unit configured to register credential data in respect of users seeking access to a well-defined space, communicate with an access-control-related building component associated with the well-defined space, and communicate with a first credential data receiver for causing at least one access decision in respect of the well-defined space to be effected; a data communication system comprising the proposed reader unit, an access-control-related building component associated with the reader unit and the well-defined space, and a first credential data receiver configured to receive credential data registered by the reader unit and in response thereto cause at least one access decision in respect of the well-defined space to be effected; and a method of communicating data in a network comprising: registering credential data in a reader unit, the credential data representing users seeking access to a well-defined space associated to the reader unit, forwarding any registered credential data to a credential data receiver and in response thereto effecting at least one access decision in respect of the well-defined space.
In modern buildings, especially in business premises, electronic access control (EAC) systems are often used to control entries to and exits from various facilities. Here, personal so-called credential data are normally used as a basis to define which subjects who are authorized to enter a certain area during a given interval of time. The credential data may be embodied in a key fob, a smartcard, a proximity card or other appropriate carrier, e.g. a subscriber identity module (SIM) card of a mobile telephone or a personal digital assistant (PDA).
A reader unit, for instance of short-range radio communication type, can be employed to register the credential data and forward the data to an access control node. In this context, the short-range radio communication type of interface is understood to adhere a known wireless protocol, e.g. the NFC (Near Field Communication) protocol, Bluetooth ZigBee or WiFi. Provided that the credential data are found to represent an authorized subject, the access control node causes an access message to be sent to a control mechanism of a door associated with the reader, for instance via a UART protocol (UART=Universal Asynchronous Receiver/Transmitter), resulting in that the door opens.
US 2008/0163361 describes a solution, for providing a secure access network. Here, access decisions are made by a portable credential using data and algorithms stored on the credential. Since access decisions are made by the portable credential non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database thereby reducing the cost of building and maintaining the secure access network.
US 2011/0187493 discloses a system, wherein access is controlled within a multi-room facility. A guest of the multi-room facility is here allowed to remotely confirm reservations to the facility as well as bypass the front desk of the multi-room for check-in purposes. At a location within the facility, the guests are allowed to confirm their arrival, check-in, and have their access credential written with personalized access data that may be useable for the duration of the guest's stay.
Consequently flexible access solutions are known. However, there is yet no efficient system enabling different enterprises/organizations to share one or more automatic doors (or other access related components) of a building without requiring a central control function for said one or more doors/components, which is common for all organizations.
The object of the present invention is therefore to solve the above problem, and thus offer flexible and efficient solution that enables different enterprises/organizations to conveniently share one or more automatic doors (or other access related components).
According to one aspect of the invention, the object is achieved by the initially described reader unit, wherein the reader unit is configured to communicate with at least one second credential data receiver for causing at least one access decision in respect of the well-defined space to be effected. The reader unit is further configured to forward each registered piece of credential data to either the first credential data receiver or to a particular one of the at least one second credential data receiver based on an address linked to the piece of credential data. The linked address identifies the first credential data receiver or the particular one of the at least one second credential data receiver. The linked address (preferably of Internet-Protocol type), in turn, is stored in either a memory module associated with the reader unit; or on a carrier (e.g. a card) holding the piece of credential data, which carrier is configured to be presented to the reader unit for registering the piece of credential data.
This reader unit is advantageous because it renders it possible for different enterprises and organizations to control various access-related components independently of one another while sharing a common reader unit.
According to another aspect of the invention, the object is achieved by the data communication system described initially, wherein the data communication system includes at least one second credential data receiver configured to receive credential data registered by the reader unit, and in response thereto cause at least one access decision in respect of the well-defined space to be effected. Moreover, the reader unit is communicatively connected to the first credential data receiver and the at least one second credential data receiver. The reader unit is further configured to forward a registered piece of credential data to either the first credential data receiver or a particular one of the at least one second credential data receiver based on an address linked to the piece of credential data, which address identifies the first credential data receiver or the particular one of the at least one second credential data receiver. The linked address, in turn, is stored in a memory module associated with the reader unit, or on a carrier holding the piece of credential data, which carrier is configured to be presented to the reader unit for registering the piece of credential data. The advantages of this system are the same as those associated with the above-proposed reader unit.
According to one preferred embodiment of this aspect of the invention, the at least one access decision involves granting or refusing access to the well-defined space. Here, the access-control-related building component includes a lock mechanism configured to selectively enable or prevent access to the well-defined space via a door associated with the reader unit. In response to a received piece of credential data, each of the first and the at least one second credential data receiver is configured to check the piece of credential data against a database defining a set of users' access rights to the well-defined space. If the piece of credential data is found to designate an authorized user, the credential data receivers are configured to cause an access grant message to be sent to the lock mechanism, which access grant message orders the lock mechanism to open the door. Otherwise, i.e. if the user is found not to be authorized, the credential data receivers are configured to refrain from causing the access grant message to be sent to the lock mechanism. Hence, the access to a building, or part thereof, can be controlled in a very convenient and efficient manner.
According to another preferred embodiment of this aspect of the invention, the at least one access decision involves registering an entry to or exit from the well-defined space. Here, in response to a received piece of credential data, each of the first and the at least one second credential data receiver is configured to: register an entry if the piece of credential data is received via a first scanner of the reader unit, and register an exit if the piece of credential data is received via a second scanner of the reader unit. Thus, a digital puncher/time-clock can be conveniently implemented.
According to a further preferred embodiment of this aspect of the invention, the data communication system includes a control node that is communicatively connected to the reader unit and each of the first and the at least one second credential data receiver. The control node is configured to receive credential data from the reader unit, and forward the received credential data to a credential data receiver identified by the address linked to the credential data. The control node is also configured to receive access grant messages from the first and the at least one second credential data receiver; and forward the received access grant messages to the lock mechanism. Each access grant message is here configured to order the lock mechanism to be opened during a predetermined interval, for example to allow a person to pass through a door. This enables a highly efficient implementation of an automatic door or similar function.
According to yet another preferred embodiment of this aspect of the invention, the control node is communicatively connected to at least one reader unit in addition to said reader unit. The control node is further configured to receive credential data from the additional reader unit, forward the received credential data to a credential data receiver identified by the address linked to the credential data, receive access grant messages from the first and the at least one second credential data receiver, and forward the received access grant messages to a lock mechanism in addition to said lock mechanism. Also here each access grant message is configured to order the additional lock mechanism to be opened during a predetermined interval. Thus, the control node can control multiple lock mechanisms in a straightforward and efficient manner.
Preferably, the linked addresses identifying the first and the at least one second credential data receivers are Internet Protocol addresses.
According to another aspect of the invention, the object is achieved by the method described initially, wherein it is presumed that the network includes a first credential data receiver and at least one second credential data receiver. The method involves forwarding each registered piece of credential data to either the first credential data receiver, or a particular one of the at least one second credential data receiver based on an address linked to the piece of credential data, which address identifies the first credential data receiver or the particular one of the at least one second credential data receiver. The linked address, in turn, is stored in a memory module associated with the reader unit, or on a carrier holding the piece of credential data, which carrier is configured to be presented to the reader unit for registering the piece of credential data. The advantages of this method, as well as the preferred embodiments thereof, are apparent from the discussion above with reference to the proposed reader unit and data communication system.
According to a further aspect of the invention the object is achieved by a computer program product, which is loadable into the memory of a computer, and includes software for performing the steps of the above proposed method when executed on a computer.
According to another aspect of the invention the object is achieved by a computer readable medium, having a program recorded thereon, where the program causes a computer to perform the method proposed above when the program is loaded into the computer.
Further advantages, beneficial features and applications of the present invention will be apparent from the following description and the dependent claims.
The invention is now to be explained more closely by means of preferred embodiments, which are disclosed as examples, and with reference to the attached drawings.
Initially, we refer to
The first control panel 130, in turn, is controlled by a first EAC node 140 and based on entries in a first database 150 associated with the first control panel 130. More precisely, when a first user approaches the door 115 and presents a credential data carrier C (e.g. in the form of a proximity card, a key fob, a smartcard, or other appropriate carrier, such as a subscriber identity module (SIM) card of a mobile telephone or a personal digital assistant (PDA)) to a given reader, say a first reader 110, this reader 110 reads out the credential data CD from the data carrier C and forwards the credential data CD to the first control panel 130. Then, the first control panel 130 checks the first database 150 for any entries matching the credential data CD. If a match is found, the first control panel 130 queries the first EAC node 140 to determine whether or not the first user (i.e. the person being associated with the credential data CD) shall be allowed to enter through the door 115. Given that the first user is found to be authorized, the first control panel 130 sends a first access grant message AG1 (for instance via a UART protocol) to a lock control mechanism 105 at the door 115. In response to the first access grant message AG1 the lock control mechanism 105 unlocks the door 115, so that the first user can enter.
We can assume that each of a first and second organization controls the door 115, and that the above-mentioned first user belongs to the first organization. When a second user belonging to the second organization approaches the door 115 in order to enter, he/she presents his/her credential data carrier C to the second reader 120. The second reader 120 reads out the credential data CD from the data carrier C and forwards this data to the second control panel 160. Then, the second control panel 160 checks a second database 180 for any entries matching the second user's credential data CD. If a match is found, the second control panel 160 queries a second EAC node 170 to determine whether or not the second user shall be allowed to enter through the door 115. Given that the second user is found to be authorized, the second control panel 160 sends a second access grant message AG2 to the lock control mechanism 105, which in response thereto, unlocks the door 115, so that the second user can enter.
As can be seen in
Such problems, however, can be avoided by the present invention.
Here, a reader unit R is associated with a door D through which users may gain access to a well-defined space. The reader unit R is configured to register user credential data CD, which may be stored on a personal carrier C embodied in a key fob, a smartcard, a proximity card or any other appropriate carrier, e.g. a SIM card of a mobile telephone or a PDA.
The system includes a first credential data receiver EAC1 and at least one second credential data receiver EAC2, where the first credential data receiver EAC1 may be controlled by a first organization and the at least one second credential data receiver EAC2 may be controlled by a respective organization different from the first organization. For clarity reasons, however, in the following description, we will only refer to one second credential data receiver EAC2.
Analogous to the above example, a user seeking access to the well-defined space is expected present his/her carrier C for the reader unit R, and in response thereto, the reader unit R is configured to register the credential data CD on the carrier C. Here, since there are more than one control node, the reader unit R is configured to communicate with both the first and the second credential data receiver EAC1 and EAC2, preferably via a general communication network NW, such as the Internet. In each individual case, however, the reader unit R is configured to forward the registered credential data CD to exactly one of the first credential data receiver EAC1 or the second credential data receiver EAC2.
According to the invention, each piece of credential data CD is linked to an address A, which identifies either the first credential data receiver EAC1 or the second credential data receiver EAC2 (or in the general case, a particular one of the at least one second credential data receiver EAC2). The linked address A, preferably an Internet Protocol address, is stored either in a memory module M associated with the reader unit R (as shown in
In the example illustrated in
Similarly, if a carrier C is presented for the reader unit R, which carrier C contains credential data CD linked to an address A identifying the second credential data receiver EAC2, the credential data CD are forwarded to the second credential data receiver EAC2 for verification against a second database DB2.
In the data communication system of
Moreover, each of the first and second credential data receivers EAC1 and EAC2 is configured to register an entry into the well-defined space in respect of a user associated with a given piece of credential data CD if the piece of credential data CD is received via a first scanner R-IN of the reader unit R, and register an exit out from the well-defined space in respect of the user if the piece of credential data CD is received via a second scanner R-OUT. Analogous to the above, in response to a received piece of credential data CD, the reader unit R is configured to send the piece of credential data CD to the first credential data receiver EAC1 if the address A linked thereto identifies the first credential data receiver EAC1, and to the second credential data receiver EAC2 if the linked address A identifies the second credential data receiver EAC2.
Again, all units, components, signals and messages that also occur in either of
In the system of
Inter alia, both systems contain a control node N, which is communicatively connected to a first reader unit R1 associated with a first door D1. The control node N is also communicatively connected to a second reader unit R2 associated with a second door D2 and, via a communication network NW, communicatively connected to each of a first and second credential data receiver EAC1 and EAC2 respectively. The control node N is configured to receive credential data CD from the reader units R1 and R2, and forward the received credential data CD to the credential data receiver EAC1 or EAC2 identified by the address A linked to the credential data CD.
The control node N is further configured to receive access grant messages AG from the first and second credential data receiver EAC1 and EAC2, and forward the received access grant messages AG to either a first lock mechanism L1 associated with the first door D1 or a second lock mechanism L2 associated with the second door D2 depending on from which reader unit R1 or R2 the credential data CD originated. As mentioned above, each access grant message AG is configured to order the lock mechanism L1 or L2 to be opened during a predetermined interval.
Naturally, according to the invention, the control node N may be configured to handle any other number of well-defined spaces and credential data receivers than two, i.e. from one and up. It should also be noted that the number of well-defined spaces (doors) and the number of credential data receivers need not be identical. On the contrary, it may very well be the case that the number of well-defined spaces (doors) is relatively large while the number of the credential data receivers is relatively small, say two; or vice versa, that the number of the credential data receivers is relatively large while the number of well-defined spaces is just one or two.
In any case, upon presentation of a piece of credential data CD to one of the reader units R1 or R2, this reader unit is configured to forward the piece of credential data CD to the credential data receiver EAC1 or EAC2 identified by the address A linked to the piece of credential data CD. Then, in response to a received piece of credential data CD, each of the first and the at least one second credential data receiver EAC1 and EAC2 is configured to check the piece of credential data CD against a database DB1 or DB2 respectively defining a set of users' access rights to the well-defined space behind the door D1 or D2 to which the reader unit R1 or R2 is associated by which the piece of credential data CD was registered. If the piece of credential data CD is found to designate an authorized user, the credential data receiver EAC1 or EAC2 is configured to cause an access grant message AG to be sent to the lock mechanism L1 or L2 ordering the lock mechanism L1 or L2 to open the door D1 or D2.
If, however, the piece of credential data CD is found not to designate an authorized user, the credential data receiver EAC1 or EAC2 is configured to refrain from causing an access grant message AG to be sent to any of the lock mechanisms L1 or L2.
Preferably, the reader units R, R1 and R2, the credential data receivers EAC, EAC1 and EAC2 and the control node N include, or are in communicative connection with at least one memory unit storing at least one computer program product, which contains software for performing the above-described actions when the computer program product is run on a processor of the reader units R, R1 and R2, the credential data receivers EAC, EAC1 and EAC2 and the control node N respectively.
In order to sum up, we will now describe the general method executed by the proposed reader unit according to the invention with reference to the flow diagram in
A first step 710 checks if credential data have been received, and if so a step 720 follows. Otherwise, the procedure loops back and stays in step 710.
Step 720 reads out the address linked to the credential data, either from a memory module associated with the reader unit or from a carrier for the credential data. Preferably, to maintain adequate security and reduce the risk of fraudulent manipulation, reading out the credential data from the carrier requires access to a first encryption key in the reader unit.
After having read out the credential data, a step 730 forwards the registered credential data to the credential data receiver identified by the address linked to the registered credential data. Again, for security reasons and to reduce the risk of fraudulent manipulation, access to a second encryption key (identical to or different from the first key) is preferably required in the reader unit to enable this transmission.
A subsequent step 740 determines whether or not the user associated with the credential data is authorized. From the reader unit's point-of-view this means waiting for an access decision from the credential data receiver. If such a decision arrives within a predefined time, for instance in the form of an access grant message, a step 750 follows. Analogous to the above, sending the access decision preferably also requires access to a third encryption key, such that the reader unit can be certain that a received access decision was issued by an authorized source, e.g. one of its associated credential data receivers.
If no access decision arrives within the predefined time, the procedure loops back to step 710.
In step 750, at least one access decision is effected in response to the access decision with respect to a well-defined space and the user being associated with the registered credential data. The access decision may involve granting access to the well-defined space, registering an entry to the well-defined space or registering an exit from the well-defined space.
After step 750, the procedure loops back to step 710.
It is worth noting that, although steps 710, 720 and 730 all mention “credential data”, this does not mean that an exact copy of these specific data must be received, read out and forwarded respectively. Instead, various forms of data derived from the credential data may be received, read out and forwarded in and from the reader unit. Thus, the term “credential data” should here be regarded as a token being passed on from the carrier.
All of the process steps, as well as any sub-sequence of steps, described with reference to
The term “comprises/comprising” when used in this specification is taken to specify the presence of stated features, integers, steps or components. However, the term does not preclude the presence or addition of one or more additional features, integers, steps or components or groups thereof.
The invention is not restricted to the described embodiments in the figures, but may be varied freely within the scope of the claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4727368 | Larson et al. | Feb 1988 | A |
| 5204663 | Lee | Apr 1993 | A |
| 5678200 | Levi | Oct 1997 | A |
| 5903845 | Buhrmann et al. | May 1999 | A |
| 6095416 | Grant et al. | Aug 2000 | A |
| 6216227 | Goldstein | Apr 2001 | B1 |
| 6257486 | Teicher et al. | Jul 2001 | B1 |
| 6374356 | Daigneault et al. | Apr 2002 | B1 |
| 6577299 | Schiller et al. | Jun 2003 | B1 |
| 6624739 | Stobbe | Sep 2003 | B1 |
| 6668322 | Wood et al. | Dec 2003 | B1 |
| 6719200 | Wiebe | Apr 2004 | B1 |
| 6766450 | Micali | Jul 2004 | B2 |
| 6859650 | Ritter | Feb 2005 | B1 |
| 6895234 | Laursen et al. | May 2005 | B1 |
| 7012503 | Nielsen | Mar 2006 | B2 |
| 7114179 | Ritter et al. | Sep 2006 | B1 |
| 7190948 | Donley et al. | Mar 2007 | B2 |
| 7197767 | Kusakabe et al. | Mar 2007 | B2 |
| 7205882 | Libin | Apr 2007 | B2 |
| 7308254 | Rissanen | Dec 2007 | B1 |
| 7363252 | Fujimoto | Apr 2008 | B2 |
| 7376839 | Carta et al. | May 2008 | B2 |
| 7380279 | Prokupets et al. | May 2008 | B2 |
| 7600129 | Libin et al. | Oct 2009 | B2 |
| 7616091 | Libin | Nov 2009 | B2 |
| 7698566 | Stone | Apr 2010 | B1 |
| 7706778 | Lowe | Apr 2010 | B2 |
| 7716486 | Libin et al. | May 2010 | B2 |
| 7730126 | Crawford | Jun 2010 | B2 |
| 7775429 | Radicella et al. | Aug 2010 | B2 |
| 7822989 | Libin et al. | Oct 2010 | B2 |
| 7823193 | Ritter et al. | Oct 2010 | B2 |
| 7873989 | Karkas et al. | Jan 2011 | B2 |
| 8150374 | Lowe | Apr 2012 | B2 |
| 8572705 | Ritter et al. | Oct 2013 | B2 |
| 8578472 | Davis et al. | Nov 2013 | B2 |
| 20010018660 | Sehr | Aug 2001 | A1 |
| 20030151493 | Straumann et al. | Aug 2003 | A1 |
| 20030189096 | Markkanen et al. | Oct 2003 | A1 |
| 20030190887 | Hook et al. | Oct 2003 | A1 |
| 20030216143 | Rose et al. | Nov 2003 | A1 |
| 20040039916 | Aldis et al. | Feb 2004 | A1 |
| 20040050930 | Rowe | Mar 2004 | A1 |
| 20040059590 | Mercredi et al. | Mar 2004 | A1 |
| 20040078594 | Scott | Apr 2004 | A1 |
| 20040130437 | Stevens | Jul 2004 | A1 |
| 20040167881 | Masuka | Aug 2004 | A1 |
| 20040177270 | Little et al. | Sep 2004 | A1 |
| 20050055562 | Guthery | Mar 2005 | A1 |
| 20050149443 | Torvinen | Jul 2005 | A1 |
| 20050178833 | Kisliakov | Aug 2005 | A1 |
| 20050271250 | Vallone et al. | Dec 2005 | A1 |
| 20060049255 | von Mueller et al. | Mar 2006 | A1 |
| 20060052091 | Onyon et al. | Mar 2006 | A1 |
| 20060164235 | Gounder | Jul 2006 | A1 |
| 20060165060 | Dua | Jul 2006 | A1 |
| 20060170533 | Chioiu et al. | Aug 2006 | A1 |
| 20060182661 | Aquila | Aug 2006 | A1 |
| 20070067400 | Kawakami et al. | Mar 2007 | A1 |
| 20080107269 | Gehrmann et al. | May 2008 | A1 |
| 20080163361 | Davis et al. | Jul 2008 | A1 |
| 20080211620 | Willgert | Sep 2008 | A1 |
| 20090183541 | Sadighi et al. | Jul 2009 | A1 |
| 20090259838 | Lin | Oct 2009 | A1 |
| 20100042954 | Rosenblatt et al. | Feb 2010 | A1 |
| 20100106773 | Tsutazawa et al. | Apr 2010 | A1 |
| 20100245033 | Sasakuma | Sep 2010 | A1 |
| 20110093928 | Nakagawa et al. | Apr 2011 | A1 |
| 20110187493 | Elfstrom et al. | Aug 2011 | A1 |
| 20120114122 | Metivier | May 2012 | A1 |
| 20120157058 | Lowe | Jun 2012 | A1 |
| 20120278901 | Bunter | Nov 2012 | A1 |
| 20130093563 | Adolfsson et al. | Apr 2013 | A1 |
| 20140013418 | Davis et al. | Jan 2014 | A1 |
| 20140025408 | Ritter et al. | Jan 2014 | A1 |
| 20140123317 | Sugihara | May 2014 | A1 |
| 20150213247 | Davis et al. | Jul 2015 | A1 |
| 20150213248 | Davis et al. | Jul 2015 | A1 |
| 20150215322 | Davis et al. | Jul 2015 | A1 |
| 20150220711 | Lowe | Aug 2015 | A1 |
| 20150220721 | Davis et al. | Aug 2015 | A1 |
| 20150220722 | Davis et al. | Aug 2015 | A1 |
| 20150222613 | Lowe | Aug 2015 | A1 |
| 20150222622 | Lowe | Aug 2015 | A1 |
| 20150222623 | Lowe | Aug 2015 | A1 |
| 20150223066 | Lowe | Aug 2015 | A1 |
| 20150223067 | Lowe | Aug 2015 | A1 |
| Number | Date | Country |
|---|---|---|
| 0829828 | Mar 1998 | EP |
| 1103922 | May 2001 | EP |
| 1333409 | Aug 2003 | EP |
| 1562153 | Aug 2005 | EP |
| 1628255 | Feb 2006 | EP |
| 1841166 | Oct 2007 | EP |
| 2839833 | Nov 2003 | FR |
| 2002-129792 | May 2002 | JP |
| 10-2004-032311 | Apr 2004 | KR |
| WO 02096070 | Nov 2002 | WO |
| WO 03081934 | Oct 2003 | WO |
| WO 2004025545 | Mar 2004 | WO |
| WO 2005024549 | Mar 2005 | WO |
| WO 2005038728 | Apr 2005 | WO |
| WO 2005091516 | Sep 2005 | WO |
| WO 2005096651 | Oct 2005 | WO |
| WO 2007126375 | Nov 2007 | WO |
| WO 2007139909 | Dec 2007 | WO |
| WO 2008024162 | Feb 2008 | WO |
| WO 2008024320 | Feb 2008 | WO |
| WO 2008035115 | Mar 2008 | WO |
| WO 2008042302 | Apr 2008 | WO |
| Entry |
|---|
| Esato—“Nokia Launches NFC Shell for Mobile Payments” http://www.esato.com/news/article.php/id=436 (Feb. 25, 2005) (3 pages). |
| Indala—“Product Families” www.indala.com/products/index.html (Copyright 2004) (2 pages). |
| NFC Forum—“About Near Field Communication” http://www.nfc-forum.org/aboutnfc/ (Copyright 2005) (3 pages). |
| Nokia—“Use Cases” http://www.nokia.com (Copyright 2005) (2 pages). |
| Phillips Semiconductoers—“Near Field Communication PN511-Transmision module.” (Feb. 2004) (18 pages). |
| Number | Date | Country | |
|---|---|---|---|
| 20150109098 A1 | Apr 2015 | US |
