Patent Grant
8813917
The invention relates to access control. More particularly the invention relates to a method and to a system for limiting access rights in buildings, in which a passenger uses a personal terminal device for giving service requests to elevator systems and other such systems.
With regard to elevator systems, call-giving solutions are known in which a passenger gives a destination call to the floor he/she wants by means of an identifier or terminal device in his/her possession. For reading the identifier data contained by identifiers, such as e.g. RFID identifiers (Radio Frequency Identifier), an elevator system is provided with reader devices, into the operating area of which a passenger takes his/her identifier. On the basis of the identifier data the elevator system determines the destination floor of the passenger and allocates an elevator car for the use of the passenger for traveling to the destination floor in question. In prior-art solutions, in which a passenger gives destination calls with a terminal device, e.g. with a mobile phone, elevator lobbies are provided with base stations based on e.g. Bluetooth technology for implementing data transfer between a terminal device of the passenger and the elevator system. When a passenger arrives in an elevator lobby, the base station in the elevator lobby detects a terminal device of the passenger and receives information from the terminal device, on the basis of which information the elevator system allocates an elevator car for taking the passenger to the destination floor he/she wants. Often access control is also connected to the aforementioned prior-art solutions such that for each passenger a personal service profile is determined for the elevator system or for a special access control system, in which service profile data about those floors to which the passenger has an access right is recorded.
A number of problems are, however, connected to the prior-art solutions described above. Identifiers that are to be read from close range require the identifier to be brought to the reading device or at least essentially close to it, which slows down and hampers the giving of service requests. A security risk, on the other hand, is attached to long-range identifiers/terminal devices because it is possible to spy on the communications traffic between an identifier/terminal device and a base station and to hijack data that gives access to a certain floor or space in the building. The access control systems of buildings are often centralized systems, to which all the apparatuses participating in access control are connected, making the access control system a complex and expensive solution. Access control solutions according to prior-art are also difficult to configure and to maintain and they are also inflexible, especially when it is desired for the access rights of a passenger to be temporary or otherwise dynamic without, however, compromising the reliability or other security aspects of access control.
The aim of the present invention is to eliminate or at least to alleviate the aforementioned drawbacks that occur in prior-art solutions. The aim of the invention is also to achieve one or more of the following objectives:
At least one example embodiment relates to a method and/or a system for limiting access rights. Some example inventive embodiments are presented in the descriptive section and in the drawings of the present application. The inventive content in the application can also be defined differently than in the claims presented below. The inventive content may also consist of several separate inventions, especially if the invention is considered in the light of expressions or implicit sub-tasks or from the point of view of advantages or categories of advantages achieved. In this case, some of the attributes contained in the claims below may be superfluous from the point of view of separate inventive concepts. The features of the various embodiments of the invention can be applied within the scope of the basic inventive concept in conjunction with other embodiments.
The present invention discloses a method for limiting access rights in a building, which comprises a conveying system and an access control system connected to the conveying system, which access control system comprises at least one short-range identification point and at least one long-range identification point and in which method a personal terminal device is given into the possession of passengers, for generating service requests to the conveying system. According to the invention the terminal device is taken into the operating area of a short-range identification point, where the access rights connected to the service requests of the terminal device are activated. After it the terminal device is taken into the operating area of a long-range identification point, where a service request generated with the terminal device of a passenger is received, which service request is transmitted to the conveying system, if the access right connected to the service request is valid on the basis of the aforementioned activation.
For activating access rights, at least one of the following procedures is performed:
A conveying system comprises at least one conveying device, such as e.g. an elevator, an elevator system, an escalator, a travelator, an automatic door or a pass gate. A service request is e.g. an elevator call, a request to open an automatic door or pass gate, or some other corresponding service request connected to the conveying system. A short-range identifier is e.g. a short-range RFID identifier (SR-RFID, short range RFID), for reading the data contained in which a passenger must take a terminal device into the operating area of a short-range identification point. The reading distance is in this case essentially short, preferably at most a few centimeters. A long-range identifier is e.g. a long-range RFID (LR-RFID, long range RFID), reading of the data contained in which can occur from a distance, preferably of a number of meters, in which case the passenger does not necessarily need to take his/her terminal device out but instead the information can be read e.g. from a terminal device in a pocket. Identification points can be in the elevator lobbies, elevator cars and information points of a building, in connection with doors, escalators and ID cards in a building, in parking halls and/or in other spaces of a building in which passengers using a conveying system move.
The present invention also discloses a system for limiting access rights in a building. The system comprises: a conveying system; an access control system connected to the conveying system, which access control system comprises at least one short-range identification point and at least one long-range identification point; and at least one terminal device given for personal use, which is provided with at least one short-range identifier and at least one long-range identifier. The access control system is arranged to activate the access rights connected to the service requests of the aforementioned terminal device in the operating area of a short-range identification point and also to transmit with the aforementioned terminal device the service request generated in the operating area of a long-range identification point to the conveying system, if the access right connected to the service request is valid on the basis of the aforementioned activation.
In one embodiment of the invention the access rights of a terminal device are activated for specific short-range identification points. As a result of the embodiment, the access rights of a passenger can be activated in different ways depending on the short-range identification point that the passenger uses for activating the access rights. For example, if there are a number of entrances in a building, the access rights of a terminal device can be activated on the basis of the entrance via which the passenger arrives in the building.
In one embodiment of the invention the terminal device is provided with a user interface, which is configured on the basis of the access rights of a terminal device. The user interface comprises a display element for presenting information connected to service requests and/or selection pushbuttons for making selections connected to service requests. As a result of the embodiment, access control can be improved and at the same time travel can be facilitated by configuring the user interface e.g. such that only service requests according to activated access rights can be given with a terminal device. A user interface can also be configured on the basis of the operating area of which identification point the terminal device is at the time. In this embodiment only those functions which are connected to the identification point to be monitored and/or to a conveying device in connection with it are available in a user interface. For example, if the identification point is in connection with an elevator system, only elevator calls to those floors to which a passenger has a valid access right can be generated with a terminal device.
In one embodiment of the invention the position of a terminal device in the building is monitored by means of the identification points and guidance data and/or alarm data is generated, if on the basis of the monitoring the terminal device deviates from the route required by the service request. As a result of the embodiment access control and the guidance of a passenger can be improved by detecting e.g. the exit of a passenger from an elevator car on a floor to which he/she is not traveling on the basis of the call he/she gave.
In one embodiment of the invention control data about terminal devices is collected in identification points. If inconsistencies are detected in the control data, an alarm is generated and/or a control procedure connected to the conveying system is performed. As a result of the embodiment access control can be improved by detecting e.g. “copied” terminal devices automatically and by preventing the access of unauthorized persons to locations within the scope of the access control.
In one embodiment of the invention exit of terminal devices from a set monitoring area is monitored in at least one identification point. If an exit of a terminal device is detected, at least a part of the usage rights of the terminal device are passivated. As a result of the embodiment access control improves because the passivated usage rights of a terminal device must be re-activated if the terminal device is e.g. taken out of the building. Since a terminal device does not in this case contain data about access rights outside the building, said access rights cannot either be copied outside the building.
In one embodiment of the invention an access right connected to a service request and the period of validity of said right are checked in the identification point in the operating area of which the terminal device is. As a result of the embodiment the identification points connected to conveying devices can independently check the validity of access rights without being connected to a centralized access control system, in which case the access control system becomes simple and can easily be maintained.
In one embodiment of the invention the conveying system comprises an elevator system, which does not comprise call-giving appliances implemented with conventional pushbuttons but instead calls are given using just a personal terminal device. As a result of the embodiment, the elevator system becomes simpler and at the same time access control becomes more efficient, because a passenger must have a terminal device, the access rights of which must be valid, in order for him/her to be able to use the conveying services of the elevator system.
With the solution according to the invention numerous advantages are achieved compared to prior-art solutions. The solution according to the invention is user-friendly, in which solution the giving of service requests can occur at a distance from conveying devices without taking a terminal device to a reader device that receives service requests. The fact that a terminal device can automatically generate service requests when the terminal device is e.g. in the pocket of a passenger also facilitates travel. Travel is further facilitated by the fact that the user interface of a terminal device can be configured on the basis of access rights, in which case it is easy for a passenger to give service requests for which he/she has a currently valid permit (access right). Also the other functions of a terminal device can be personalized, which also enhances user-friendliness. The solution according to the invention is also a cost-effective and simple solution applicable to access control, because the information about valid access rights is recorded in a terminal device, in which case a centralized access control system, from which access rights would be repeatedly checked, is not necessary. The solution according to the invention also improves access control, because access rights can be activated before entering a building and removed when leaving the building. The fact that the movements of passengers can be checked and an alarm generated if possible misuses of terminal devices are detected further improves access control. Also other advantages that can be achieved with the solution according to the invention are presented above in connection with the different embodiments.
In the following, the invention will be described in detail by the aid of examples of its embodiments, wherein:
In the following the meaning of certain terms used in this application is explained in more detail:
Operating block 16 presents an outer door of a building, which door is provided with an electric lock 16b. In connection with an outer door is a short-range identification point 16a, which comprises a transmitter/receiver unit for recording/reading information in/from the memory 10d of a terminal device. The transmitter/receiver unit sends an excitation signal into its surroundings, in response to which signal a short-range identifier 10b transmits data to the transmitter/receiver unit or vice versa. The operating area (operating range) of the transmitter/receiver unit is essentially short, e.g. less than 10 cm, in which case the transmission of data can only occur if the user takes his/her terminal device to within aforementioned short range of the short-range identification point.
Operating block 17 presents by way of an example an automatic door separating two different spaces of the building, which door is provided with a locking mechanism 17c and in connection with which door is a long-range identification point 17b, which monitors the terminal devices in the proximity of the automatic door. Operating block 18, for its part, presents a pass gate, via which people in the building can leave the building but via which there is no access into the building. In connection with the pass gate 18 is a long-range identification point 18a, which monitors the terminal devices leaving the building along with passengers. Operating block 13 presents an elevator system, which comprises at least one elevator, the elevator car 13b of which comprises a long-range identification point 13c and there are also floor-specific long-range identification points 13d in the elevator lobbies. The long-range identification point 13c monitors the terminal devices entering and leaving an elevator car along with the elevator passengers. The long-range identification points 13d monitor the terminal devices of passengers in the elevator lobbies. A control system 13e controls the elevators of the elevator system on the basis of the calls given by passengers with their terminal devices. As is seen from
Long-range identification points, likewise to a short-range identification point, comprise a transmitter/receiver unit, which sends an excitation signal into its surroundings, in response to which signal a long-range identifier 10b of a terminal device transmits data recorded in the memory of the terminal device to the transmitter/receiver unit or vice versa. The operating area (operating range) of the transmitter/receiver unit is essentially long, preferably a number of meters, in which case reading of data can occur e.g. from a terminal device that is in the pocket of the possessor of the terminal device.
The operating block 11 in
Transmission of the data connected to the aforementioned activation procedures from/to a terminal device occurs via the short-range identifier 10b in the short-range identification point. Since transmission of the data occurs from short range, the hijacking or copying of data is fairly impossible. Access control is also improved by the fact that the checking, and if necessary updating, of access rights in the terminal device, occurs e.g. before the opening of the locking of the outer door, in which case it can be ensured that up-to-date access rights are recorded in a terminal device before a user moves into a building.
When a possessor of a terminal device enters the entrance lobby in the manner described above, he/she can use his/her terminal device for giving service requests connected to a conveying system. Service requests are either service requests automatically generated by a terminal device or service requests based on a selection of the passenger. A terminal device automatically generates a service request when a person, with his/her terminal device, arrives in the operating area of a certain identification point and the access right required by the service request is valid. An optional service request requires a service request selection made by a passenger or an acknowledgement made by a passenger to a service request proposal presented by a terminal device. In this option a passenger uses the selection pushbuttons of a terminal device for giving a service request.
In the following an example of automatic service requests in a system according to
In the following an example of optional service requests in a system according to
The selection list to be presented on the display of a terminal device is generated either by the terminal device itself or the list is loaded into a terminal device from a long-range identification point. In the first-mentioned alternative the identification point sends e.g. its own identifier code (the ID of the identification point) or a code identifying the elevator system (the ID of the conveying device) to a terminal device, on the basis of which code, as well as on the basis of the access rights connected to the elevator system and recorded in the terminal device, the terminal device forms the aforementioned selection list for the display 10c2. In the latter alternative a long-range identification point reads the access rights recorded in a terminal device, forms the aforementioned selection list on the basis of them and sends it to the terminal device for presenting on the display 10c2.
One task of the back-end system 11 is to receive control data connected to terminal devices from identification points, which control data it records in a log file 11b. On the basis of the control data the back-end system has up-to-date information about in which part/space of the building each user of a terminal device is at any time, when he/she went there, when he/she left there, and/or to where he/she is going on the basis of the latest service request. If the back-end system detects inconsistencies in the control data, it sends alarm data to the control center 19. An inconsistency can arise e.g. if two terminal devices that have the same ID are detected in the building or e.g. if a terminal device with a certain ID generates an elevator call from a floor that is a different floor to which the possessor of the terminal device traveled on the basis of earlier control data. On the basis of control data it can also be deduced whether a passenger deviates from the route required by the service request given by him/her, e.g. will he/she leave the elevator car on another floor than the floor to which he/she is traveling on the basis of the call he/she gave. Control data can alternatively be recorded in identification points and/or in conveying devices that are in connection with identification points. In this case each identification point and/or conveying device independently monitors for inconsistencies in control data that is collected from terminal devices detected in the operating area of the identification point. If an identification point detects inconsistencies in the control data it collects, it can generate alarm data, which is transmitted, e.g. wirelessly, to a control center 19 and/or is expressed by signaling means in connection with the identification point. Correspondingly, if, for example, the elevator system detects inconsistencies in the control data it collects, it sends alarm data e.g. to a reception desk in the entrance lobby and performs a run operation that automatically takes the passenger that caused the alarm to the entrance lobby. On the basis of control data conclusions can also be drawn about the magnitudes and directions of traffic flows in the different parts of a building on different days of the week and/or at different times of the day, and the information can be used e.g. for predictive control of the conveying devices.
When a passenger wants to leave the building, he/she goes to the entrance lobby and exits the building via a pass gate 18. The long-range identification point 18a in connection with the pass gate detects the terminal device of the passenger, in which case the access rights of the terminal device are passivated e.g. by setting the period of validity connected to the access rights to “zero” or by deleting all, or at least a part of, the access rights recorded in the terminal device. So that the passenger could use his/her terminal device after this, he/she must take the terminal device again to a short-range identification point 16, where the passivated access rights are re-activated. If there are a number of exit routes in a building, they are all provided with an identification point 18, in which the access rights of a terminal device can be passivated.
In the system according to
The system according to the invention can also be utilized in exceptional situations, in which a building, or a part of a building, must be evacuated. If e.g. a fire is detected in the building, personal guidance and/or instructions on how to act relating to evacuation is/are sent to all the terminal devices of people in a danger zone, depending on which part of the building the person (terminal device) is at the time of the incident. Since it can be assumed that almost all the people in the building have a terminal device 10, personal guidance connected to an evacuation is delivered to its destination reliably and quickly.
Although the invention is described above using elevator systems as examples, it is obvious to the person skilled in the art that different embodiments of the invention are not only limited to the examples described above, but that they may be varied within the scope of the claims presented below. Thus the terminal device can be e.g. a disposable terminal device, the access rights of which are activated before handing over to a passenger e.g. at a reception desk of a building, to where the passenger can also return his/her terminal device after use.
| Number | Date | Country | Kind |
|---|---|---|---|
| 20100201 | May 2010 | FI | national |
This is a continuation of PCT/FI2011/050416 filed May 5, 2011, which is an International Application claiming priority to FI 20100201 filed on May 10, 2010, the entire contents of each of which are hereby incorporated by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5749443 | Romao | May 1998 | A |
| 6109396 | Sirag et al. | Aug 2000 | A |
| 6202799 | Drop | Mar 2001 | B1 |
| 6382363 | Friedli | May 2002 | B1 |
| 6397976 | Hale et al. | Jun 2002 | B1 |
| 6868945 | Schuster et al. | Mar 2005 | B2 |
| 7093693 | Gazdzinski | Aug 2006 | B1 |
| 7353915 | Zaharia et al. | Apr 2008 | B2 |
| 7581622 | Amano | Sep 2009 | B2 |
| 8020672 | Lin et al. | Sep 2011 | B2 |
| 8061485 | Finschi | Nov 2011 | B2 |
| 8381880 | Finschi | Feb 2013 | B2 |
| 8438021 | Liu et al. | May 2013 | B2 |
| 8490754 | Amano | Jul 2013 | B2 |
| 8499895 | Zweig | Aug 2013 | B2 |
| 20010022252 | Schuster | Sep 2001 | A1 |
| 20050138385 | Friedli et al. | Jun 2005 | A1 |
| 20080217112 | Puskala et al. | Sep 2008 | A1 |
| 20090020370 | Boss et al. | Jan 2009 | A1 |
| 20090133969 | Zaharia et al. | May 2009 | A1 |
| Number | Date | Country |
|---|---|---|
| 1976855 | Jun 2007 | CN |
| 101287666 | Oct 2008 | CN |
| WO-2007026042 | Mar 2007 | WO |
| WO-2008145803 | Dec 2008 | WO |
| Entry |
|---|
| International Search Report PCT/ISA/210 for International Application No. PCT/FI2011/050416 dated Jun. 10, 2011. |
| Finnish Search Report, 2010. |
| English translation of Chinese Office Action dated Apr. 17, 2014 for corresponding Chinese Application No. 201180022918.0. |
| Number | Date | Country | |
|---|---|---|---|
| 20130056311 A1 | Mar 2013 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | PCT/FI2011/050416 | May 2011 | US |
| Child | 13667156 | US |
