1. Statement of Technical Field
This document relates generally to Access Control Systems (“ACSs”). More particularly, the present document concerns dual level human identification and location systems.
2. Description of the Related Art
There are many ACSs known in the art. One such ACS comprises a plurality of Access Control Readers (“ACRs”) mounted at exits and/or entries of restricted areas. For example, an ACR may be disposed adjacent to a doorway through which access to a restricted room is gained. A badge worn by a person is used to gain access to a restricted room via the ACR. In this regard, the badge comprises a Low Frequency (“LF”) passive Radio Frequency Identification (“RFID”) communication device disposed thereon or therein. The LF passive RFID communication device typically operates at a frequency of 125 kHz. The ACR is a near field device with a detection range of about 5 cm or less. Throughout a given time period, the ACS tracks which entries a given person passes through for purposes of entering a restricted area. However, the ACS does not track when the person leaves each visited restricted area within the given time period.
Another conventional ACS employs beacons and wireless communication devices (e.g., mobile phones) which communicate via Bluetooth technology. A personal identifier is stored on the wireless communication device, and communicated to the beacon when the person is in proximity thereto. In response to the reception of the personal identifier, the ACS would allow the person to have access to the restricted area.
The present disclosure relates to systems and methods for controlling access to a restricted area. The methods comprise determining, by an electronic circuit, whether a person desires to enter the restricted area. In some scenarios, this determination is made based on (a) Received Signal Strength Indicator (“RSSI”) measurement data specifying a power present in a signal received from a Wearable Access Sensor (“WAS”) worn by the person and/or (b) rate of change data specifying a rate of change of a charging voltage of an energy storage device used in an electromagnetic field energy harvesting circuit disposed within the WAS. After making such a determination, it is checked whether the person is authorized to enter the restricted area using a first unique identifier associated with the WAS.
When a determination is made that the person is authorized to enter the restricted area, the person's Portable Communication Device (“PCD”) is caused to transmit a second unique identifier and location information useful in determining the PCD's location within a surrounding environment. In some scenarios, the location information is obtained by the PCD using an RSSI based technique. The RSSI technique comprises: performing operations by the PCD to survey an available networks' Media Access Control (“MAC”) addresses within range thereof; and collecting RSSI levels for signals received from devices associated with the available networks' MAC addresses. The RSSI levels and known locations of the devices associated with the available networks' MAC addresses are used to confirm that the person is currently located at an access point of the restricted area.
The second unique identifier and location information is used to confirm that the person is currently located at an access point of the restricted area. A mechanical actuator is actuated to enable the person's entrance into the restricted area when it is determined that the person desires to enter the restricted area, the person is authorized to enter the restricted area, and/or the person is currently located at the access point of the restricted area.
In some scenarios, the methods further involve determining whether the PCD is within a certain radius from the access point of the restricted area. The mechanical actuator is caused to actuate when it is determined that the PCD is within a certain radius from the access point of the restricted area. Additionally or alternatively, the methods involve logging information indicating that the person entered the restriction area at a particular time, subsequent to causing actuation of the mechanical actuator.
Embodiments will be described with reference to the following drawing figures, in which like numerals represent like items throughout the figures, and in which:
It will be readily understood that the components of the embodiments as generally described herein and illustrated in the appended figures could be arranged and designed in a wide variety of different configurations. Thus, the following more detailed description of various embodiments, as represented in the figures, is not intended to limit the scope of the present disclosure, but is merely representative of various embodiments. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by this detailed description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
Reference throughout this specification to features, advantages, or similar language does not imply that all of the features and advantages that may be realized with the present invention should be or are in any single embodiment of the invention. Rather, language referring to the features and advantages is understood to mean that a specific feature, advantage, or characteristic described in connection with an embodiment is included in at least one embodiment of the present invention. Thus, discussions of the features and advantages, and similar language, throughout the specification may, but do not necessarily, refer to the same embodiment.
Furthermore, the described features, advantages and characteristics of the invention may be combined in any suitable manner in one or more embodiments. One skilled in the relevant art will recognize, in light of the description herein, that the invention can be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments of the invention.
Reference throughout this specification to “one embodiment”, “an embodiment”, or similar language means that a particular feature, structure, or characteristic described in connection with the indicated embodiment is included in at least one embodiment of the present invention. Thus, the phrases “in one embodiment”, “in an embodiment”, and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
As used in this document, the singular form “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise. Unless defined otherwise, all technical and scientific terms used herein have the same meanings as commonly understood by one of ordinary skill in the art. As used in this document, the term “comprising” means “including, but not limited to”.
A large and growing number of people own and carry smart phones with them throughout the workplace, school, or other environments where Wi-Fi network infrastructures already exists. The smart phone has an identity which is directly associated with the owner's name and can serve as a reliable credential for identification. The Wi-Fi network in a building consists of many routers. The routers have known addresses, as well as locations that are spatially distributed to allow adequate coverage throughout the building.
Software applications allow a smart phone to measure the received signal strength or RSSI from each router within reach of the smart phone. This information can then be sent to the cloud. At the cloud, the RSSI information and router spatial position information are used to compute the smart phone's position in the building. The smart phone's position is then reported directly to the building network. The software application can be turned on as soon as it picks up the building Wi-Fi upon entering the building. Thereafter, the software application runs an update on location based on predetermined time intervals. When the smart phone is not moving (e.g., determined based on phone motion sensor output information), the update is discontinued until motion resumes.
U.S. patent application Ser. No. 14/558,796 to Copeland et al. (“the '796 patent application”, which is incorporated herein by reference) describes an access control system using a body wearable sensor and a reader. The reader uses either Received Signal Strength Indication (“RSSI”) information from an Ultra High Frequency (“UHF”) RFID sensor or a UHF energy harvesting sensor with transceiver radio communications and energy harvesting electronics. The UHF approach allows for longer range detection of the sensor with detection distances of typically 1-2 meters from the interrogation antenna.
While the '796 patent application is an improvement over existing access control, it is still a single credential security system. Using both the body WAS as described in the '796 patent application along with a PCD unique identifier (e.g., a MAC address of a cellular phone) and current location within a facility, a dual level identification and location system is achieved. Having two independent identification means has a much higher degree of security than any one method. Algorithms can be adjusted to weigh on the use of each signal by itself or in combination. For example, if someone does not enter an access point with a PCD but is wearing a WAS, there is a certain degree of security identification. With both the WAS and the PCD (e.g., a smart phone or a smartwatch), there is a dual and much higher degree of security.
This disclosure concerns systems and methods for implementing a second layer of security using personal\corporate PCDs to confirm peoples identities at monitored entry points in addition to the techniques described in the '796 patent application. In this regard, a PCD, a PCD application, and a remote database\service (“cloud”) are implanted in each system. Each user of the system is required to: install the PCD application on his(her) PCD; and use his(her) personal/corporate credentials in order to register his(her) PCD within the system. From that point on, the PCD application stays passive in a sense that it does not communicate back to the cloud unless requested (e.g., for energy conservation purposes). Alternatively, the PCD periodically reports to the cloud for tracking and logging purposes.
During operation, the cloud sends a request for identification and location information to the PCD subsequent to or concurrent with the WAS based identification/authentication operations of the '796 patent application. In response to the request, the PCD obtains information specifying its current location within a secured area. This location information can be obtained using at least one of the following techniques: a Global Positioning System (“GPS”) based technique; an RSSI based technique; and a beacon based technique. The RSSI based technique will be explained in detail below. However, the GPS and beacon based techniques are well known in the art, and therefore will not be described herein. Next, the PCD sends its unique identifier (e.g., a MAC address) and location information to the cloud. At the cloud, this information is used to confirm or verify that the user is actually located at a given exit/entry (2nd layer security).
Referring now to
A WAS 114 is assigned to each individual authorized for accessing restricted areas of a business entity. The WAS 114 comprises a wearable communications device that can be worn by the person 116 to which it is assigned. As shown in
A schematic illustration of an exemplary architecture for the sensor circuitry of WAS 114 is provided
A graph 502 is provided in
Referring again to
At the access point 102, the reader 104 determines the directionality of the WAS 114 emitting the SRC reply signal. This determination is made based on RSSI measurements of the power present in the SRC reply signal received by an antenna 106 or 108 from the WAS 114. The RSSI measurements specify the signal strength of the SRC reply signal received at antenna 106 or antenna 108, and whether the signal strength is increasing or decreasing during a given period of time. If the signal strength of the SRC reply signal is increasing during the given period of time, then the WAS 114 is deemed to be traveling towards the respective antenna 106 or 108. In contrast, if the signal strength of the SRC reply signal is decreasing during the given period of time, then the WAS 114 is deemed to be traveling away from the respective antenna 106 or 108.
However, such determinations are not sufficient to detect whether the person is attempting to enter or exit the restricted area. Accordingly, additional motion sensors 120, 122 are employed herein. The motion sensors may be provided at the access point 102. A first motion sensor 122 is disposed on the front sidewall surface 130 of the structural wall 132 located adjacent to the access point 102. In contrast, a second motion sensor 120 is disposed on a back sidewall surface (not shown in
Notably, the present invention is not limited to the motion sensor configuration shown in
In turn, the reader 104 forwards the information received from the motion sensor(s) 120, 122 to the DPS 112 via network 110. Similarly, reader 104 communicates information to the DPS 112 indicating the directionality of the WAS 114 (i.e., whether the WAS 114 is traveling towards or away from the antenna 106 or 108). The DPS 112 may be located in the same facility as the reader 104 or in a different facility remote from the facility in which the reader 104 is disposed. As such, the network 110 may comprise an Intranet and/or the Internet. Additionally, each exit and/or entrance to a restricted area in each facility of a business entity may have access control sensory systems 104-108, 120, 122 disposed thereat so as to define a distributed network of access control sensor systems.
At the DPS 112, the information is used to determine whether or not the person is attempting to enter or exit the access point 102. For example, if the information indicates that the WAS 114 is traveling towards the entrance antenna 108 and the person is moving in direction 124, then a determination is made that the person desires to enter the restricted area via access point 102. In contrast, if the information indicates that the WAS 114 is traveling towards antenna 106 and the person is moving in direction 126, then a determination is made that the person desires to exit the restricted area via the access point 102. If the information indicates that the WAS 114 is traveling away from the antenna 108, then a determination is made that the person is not trying to enter the restricted area. Similarly, if the information indicates that the WAS 114 is traveling away from the antenna 106, then a determination is made that the person is not trying to exit the restricted area.
The DPS 112 may also analyze patterns of motion defined by the information to determine whether or not the person desires to enter or exit the access point 102. For example, if the information indicates that the person 116 is traveling in a direction 124, 136 or 138 towards the access point 102 during a first period of time and then travels in a direction 126, 136 or 138 away from the access point 102 during an immediately following second period of time, then a determination is made that the person does not want to gain access to the restricted area, but is simply passing by the access point. In contrast, if the information indicates that the person 116 is traveling at a first speed in a direction 124, 136 or 138 towards the access point 102 during a first period of time and then slows down as (s)he approaches the access point, a determination is made that the person does want to gain access to the restricted area. Similarly, if the information indicates that the person 116 is traveling at a first speed in a direction 124, 136 or 138 towards the access point 102 during a first period of time and stops upon reaching the access point, a determination is made that the person does want to gain access to the restricted area.
Upon determining that the person does not want to enter or exit the restricted area, the DPS 112 simply logs the unique identifier, the directionality information, the motion direction information, the speed/velocity information, and/or the results of the information analysis in a data store (not shown in
In response to the request, the PCD 150 performs operations to determine its current location within a surrounding environment. In some scenarios, an RSSI based technique is used to determine the PCD's current location. The RSSI based technique involves using the PCD's Wi-Fi radio to survey all the available networks' MAC addresses within range. After collecting all the available networks' MAC addresses and the RSSI levels, the PCD 150 relays the MAC address and RSSI information back to a cloud 154 via wireless communication link 152. The cloud 154 then estimates the location of the PCD 150 based on the MAC addresses, RSSI levels, and known locations of each of the devices associated with the MAC addresses. A learning algorithm may be used to correlate between the two types of listed information.
In the case that the estimated location of the PCD 150 is within a certain radius from the original monitored door, the cloud 154 relays an open command to the door so as to cause a door opening actuator 128 to be actuated (e.g., for unlocking a lock). In order to reduce the delay between scanning a WAS and a door opening, the PCD 150 continually surveys Wi-Fi networks and has survey data ready for when a request is received thereat.
The cloud 154 and/or DPS 112 also log results of the information analysis and/or information specifying that access to the restricted area was provided to the person at a particular time. Upon determining that the person wants to exit the restricted area, the DPS 112 causes a door opening actuator 128 to be actuated, and also logs results of the information analysis and/or information specifying that the person exited the restricted area at a particular time.
The data logging allows the cloud 154 and/or DPS 112 to track the access points through which the person enters and exits, and the time of such entering and exiting. This historical information is useful for a variety of reasons. For example, the historical information can be used to determine when employees arrive at and/or leave work, whereby the need for conventional employee time-attendance systems requiring each employee to manually clock-in upon arrival at work and clock-out upon leaving work is no longer necessary. The historical information can also be used to identify individuals who gained access to a restricted area when a possible theft occurred or when equipment was removed from the restricted area.
Notably, the above described access control system overcomes certain drawbacks of conventional access control systems. For example, in the present invention, authorized individuals do not need to take any manual actions (e.g., swiping a card) to gain access to restricted areas. In effect, the need for certain access control equipment (e.g., card readers) has been eliminated, thereby reducing the overall cost of implementing the present access control system 100.
In other scenarios, the WAS 114 operates in both an energy harvesting mode and a communications mode. In the energy harvesting mode, the energy harvesting circuit 220 collects energy every time WAS 114 passes by an access point. The collected energy is stored in the energy storage device 222 (e.g., a capacitor). Once the energy storage device 222 is charged to an operating voltage level of the SRC device 212, the mode of the WAS 114 is changed from the energy harvesting mode to the communications mode. Thereafter, an SRC identifier signal is sent to the reader 104 via antenna 202 at the access point 102. The SRC identifier signal comprises the unique identifier 210. Information 214 indicating the rate of change of the charging voltage of the energy storage device 222 (e.g., a capacitor) may also be sent from the WAS 114 to the reader 104 via the SRC identifier signal. The rate of change information 214 specifies directionality of the WAS 114. At a later time, the reader 104 communicates the unique identifier 210 and/or rate of change information 214 to the DPS 112.
Notably, the motion sensors 120, 122 are also employed along with the multi-mode WAS 114 (i.e., the WAS configured to operate in both an energy harvesting mode and a communications mode). The motion sensors 120, 122 are used to determine the direction and/or speed/velocity of travel of the person 116 in proximity to the access point 102. Information specifying the person's direction and/or speed/velocity of travel is provided from the motion sensors 120, 122 to the reader 104.
At the DPS 112, a determination is made as to whether the person is authorized to access the restricted area based on the unique identifier 210 and/or whether the person is attempting to enter or exit the restricted area based on the rate of change information 214. If the person is attempting to enter the restricted area and is not authorized to access the restricted area, then the DPS 112 simply logs information indicating that the person was in proximity of the access point at a particular time. In contrast, if the person is attempting to enter the restricted area and is authorized to access the restricted area, then the DPS 112 causes a request for identification and location information to be sent to a PCD 150 in the person's possession.
In response to the request, the PCD 150 performs operations to determine its current location within a surrounding environment. In some scenarios, an RSSI based technique is used to determine the PCD's current location. The RSSI based technique involves using the PCD's Wi-Fi radio to survey all the available networks' MAC addresses within range. After collecting all the available networks' MAC addresses and the RSSI levels, the PCD 150 relays the MAC address and RSSI information back to a cloud 154 via wireless communication link 152. The cloud 154 then estimates the location of the PCD 150 based on the MAC addresses, RSSI levels, and known locations of each of the devices associated with the MAC addresses. A learning algorithm may be used to correlate between the two types of listed information.
In the case that the estimated location of the PCD 150 is within a certain radius from the original monitored door, the cloud 154 relays an open command to the door so as to cause a door opening actuator 128 to be actuated (e.g., for unlocking a lock). In order to reduce the delay between scanning a WAS and a door opening, the PCD 150 continually surveys Wi-Fi networks and has survey data ready for when a request is received thereat. The cloud 154 and/or DPS 112 also logs information specifying that access to the restricted area was provided to the person at a particular time.
In this scenario, the reader 104 is simply an edge connect module that controls the door opening actuator. As a result, the need for an interrogation reader (e.g., an RFID reader) is eliminated, thereby reducing the overall cost required to implement system 100.
Referring now to
At the reader, actions are performed to obtain RSSI measurement data specifying the power present in the SRC reply signal over a given period of time, as shown by step 310. The RSSI measurement data is used by the reader to determine if the signal strength of the SRC reply message is increasing. Notably, this determination can alternatively be performed by a DPS (e.g., DPS 112 of
If the signal strength of the SRC reply signal is decreasing [312:NO], then step 314 is performed where first information is generated indicating that the WAS is traveling away from the antenna. In contrast, if the signal strength of the SRC reply signal is increasing [312:YES], then step 316 is performed where second information is generated indicating that the WAS is traveling towards the antenna.
Upon completing step 314 or 316, the method 300 continues with step 318. Step 318 involves detecting the direction and/or speed/velocity of motion of the person (e.g., person 116 of
At the DPS, operations are performed in step 324 to determine whether or not the person is attempting to enter or exit the restricted area using the information received in previous step 322. For example, if the received information indicates that the WAS is traveling towards an entrance antenna (e.g., antenna 108 of
After completing step 324, method 300 continues with decision step 326 of
If it is determined that the person does want to enter or exit the restricted area [326:YES], then optional step 332 is performed. Optional step 332 is performed when the person is attempting to enter the restricted area, and therefore involves comparing the unique identifier with a plurality of unique identifiers stored in a data store to check whether the person is authorized to enter the restricted area. When a person is attempting to exit the restricted area or an authorized person is attempting to enter the restricted area, the DPS causes a request for identification and location information to be sent to a PCD (e.g., PCD 150 of
In response to the request, the PCD performs operations in step 336 to obtain information useful for determining its current location within a surrounding environment. In some scenarios, an RSSI based technique is used to determine the PCD's current location. The RSSI based technique involves using the PCD's Wi-Fi radio to survey all the available networks' MAC addresses within range. After collecting all the available networks' MAC addresses and the RSSI levels, the PCD relays the MAC address and RSSI information back to a cloud (e.g., cloud 154 of
In the case that the estimated location of the PCD is within a certain radius from the original monitored door, the cloud relays an open command to the door so as to cause a door opening actuator (e.g., actuator 128 of
Referring now to
In a next step 416, the direction and/or speed/velocity of motion of the person wearing the WAS is detected. One or more motion sensors (e.g., sensors 120 and/or 122 of
At the DPS, operations are performed in step 422 to determine whether or not the person is attempting to enter or exit the restricted area using the information received in previous step 420. For example, if the received information indicates that the WAS is traveling towards an entrance antenna (e.g., antenna 108 of
After completing step 422, method 400 continues with decision step 424 of
If it is determined that the person does want to enter or exit the restricted area [424:YES], then optional step 427 is performed. Optional step 427 is performed when the person is attempting to enter the restricted area, and therefore involves comparing the unique identifier with a plurality of unique identifiers stored in a data store to check whether the person is authorized to enter the restricted area. When a person is attempting to exit the restricted area or an authorized person is attempting to enter the restricted area, the DPS causes a request for identification and location information to be sent to a PCD (e.g., PCD 150 of
In response to the request, the PCD performs operations in step 430 to obtain information useful for determining its current location within a surrounding environment. In some scenarios, an RSSI based technique is used to determine the PCD's current location. The RSSI based technique involves using the PCD's Wi-Fi radio to survey all the available networks' MAC addresses within range. After collecting all the available networks' MAC addresses and the RSSI levels, the PCD relays the MAC address and RSSI information back to a cloud (e.g., cloud 154 of
In the case that the estimated location of the PCD is within a certain radius from the original monitored door, the cloud relays an open command to the door so as to cause a door opening actuator (e.g., actuator 128 of
Additionally, in some scenarios, the WAS may detect no rate of change when the wearer is standing near the access point of a restricted area. For example, let's assume that a person travels towards the access point whereby the WAS detects a rate of change of the energy collected by the energy harvesting circuit thereof. When the person arrives at the access point, (s)he is stopped by another person for a discussion. At this time, the WAS detects no rate of change of the energy collected by the energy harvesting circuit thereof. In response to such a detection, the WAS communicates a signal to the reader (e.g., reader 104 of
The following discussion explains an exemplary mathematical algorithm for estimating the location of a PCD within a building. For a high frequency transmitter and receiver antenna, the well-known Friis transmission equation is given below. This assumes free space environment and no polarization loss between the receive and transmit antennas nor absorption of signal from the PCD by a person holding it.
where Pr is the received power (PCD), Pt is the transmitter power (Wi Fi antenna), Gt is the transmitter antenna gain, Gr is the receiver gain, R is the vector between the transmit and receive antennas, f is the operating frequency, and c is the speed of light. Taking the LOG of both sides produces the following mathematical equation.
where Pr and Pt are in units of dBm, Gt and Gr are in units of dB, λ is in units of meters, and R is in units of meters.
In
Using simple linear interpolation of differences in the four antenna signals is the first consideration in estimating the location along a known path. The estimated position P(x,y) can be expressed by the following mathematical equation.
P(x,y)=C1(STx3−STx2)ax+C2(STx4−STx1)ax+C3(STx1−STx2)ay+C4(STx4−STx3)ay
where C1, C2, C3 and C4 are coefficients, the STx1 to STx4, are the signal strengths, and ax and ay are the x and y unit vectors. The above mathematical equation can be written in linear matrix form as shown below.
Using one or more of the paths to determine the coefficients and the simplification that C1=C2 and C3=C4, one can show that the predicted path P(x,y) can be accurate to less than one meter.
All of the apparatus, methods, and algorithms disclosed and claimed herein can be made and executed without undue experimentation in light of the present disclosure. While the invention has been described in terms of preferred embodiments, it will be apparent to those having ordinary skill in the art that variations may be applied to the apparatus, methods and sequence of steps of the method without departing from the concept, spirit and scope of the invention. More specifically, it will be apparent that certain components may be added to, combined with, or substituted for the components described herein while the same or similar results would be achieved. All such similar substitutes and modifications apparent to those having ordinary skill in the art are deemed to be within the spirit, scope and concept of the invention as defined.
The features and functions disclosed above, as well as alternatives, may be combined into many other different systems or applications. Various presently unforeseen or unanticipated alternatives, modifications, variations or improvements may be made by those skilled in the art, each of which is also intended to be encompassed by the disclosed embodiments.
This application claims priority benefits of U.S. Provisional Patent Application No. 62/205,953 filed on Aug. 17, 2015 and U.S. patent application Ser. No. 14/558,796 filed on Dec. 3, 2014, the contents of which are herein incorporated by reference.
Number | Date | Country | |
---|---|---|---|
62205953 | Aug 2015 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 14558796 | Dec 2014 | US |
Child | 14956902 | US |