The present disclosure is directed at methods, systems, and techniques for tracking and pictorially displaying locations of tracked individuals.
Electronic access control systems provide the ability to control or restrict an individual's ability to enter a secured area. In order to enter the secured area, the individual presents credentials that are specific to him or her to the system. The system reads the credentials and, if valid for access to the secured area, grants the individual that access. In addition to simply granting access to the secured area, the system may also keep a record of when and where the individual presents his or her credentials to determine whether the individual is present in a particular secured area and to track the individual as he or she travels through multiple secured areas.
According to a first aspect, there is provided a method for tracking and pictorially displaying locations of tracked individuals. The method comprises, for each of the tracked individuals, retrieving a location of the tracked individual and pictorially representing the location of the tracked individual on a display. The location is associated with a credentials acquisition device that has acquired credentials of the tracked individual.
Pictorially representing the location of the tracked individual may comprise displaying an indication that the tracked individual is present at the location on a map.
The map may comprise multiple areas of which each is associated with a different credentials acquisition device and/or set of credentials. The tracked individuals may be present in locations corresponding to the areas, and the indication may comprise a counting element displaying a total number of the tracked individuals in the area corresponding to the location in which the tracked individual is present.
The counting element may overlap at least part of the area corresponding to the location in which the tracked individual is present.
The map may comprise multiple areas of which each is associated with a different credentials acquisition device and/or set of credentials. The tracked individuals may be present in locations corresponding to the areas, and the indication may comprise a counting element displaying a total number of the tracked individuals in an area group comprising the area corresponding to the location in which the tracked individual is present and at least one of the other areas.
The counting element may overlap at least part of the area group.
The counting element may overlap all of the areas comprising the area group.
The counting element may display a total number of the individuals in the location corresponding to the area in which the tracked individual is present in addition to the total number of the individuals in the locations corresponding to the areas comprising the area group.
The counting element may display a total number of the individuals in each of the locations corresponding to the areas comprising the area group in addition to the total number of the individuals in the locations corresponding to the areas comprising the area group.
The method may further comprise acquiring the credentials of one of the tracked individuals (“acquired credentials”) using the credentials acquisition device associated with one of the locations, and determining whether the tracked individual associated with the acquired credentials has committed an anti-passback violation in association with the one of the locations.
Determining whether the tracked individual associated with the credentials that have been acquired has committed an anti-passback violation may comprise determining whether the acquired credentials have been used to access the one of the locations two successive times that are separated by less than an anti-passback time limit; and when the acquired credentials have been used to access the one of the locations two successive times that are separated by less than the anti-passback time limit, determining that the anti-passback violation has been committed.
Determining whether the tracked individual associated with the credentials that have been acquired has committed an anti-passback violation may comprise determining whether the acquired credentials have been used to access the one of the locations two successive times; and when the acquired credentials have been used to access the one of the locations two successive times, determining that the anti-passback violation has been committed.
Determining whether the tracked individual associated with the credentials that have been acquired has committed an anti-passback violation may comprise determining whether the acquired credentials have been used to access and to subsequently exit the one of the locations, and whether the acquired credentials have not been used to re-enter the one of the locations since being used to exit the one of the locations; and when the acquired credentials have not been used to access and to subsequently exit the one of the locations, and when the acquired credentials have not been used to re-enter the one of the locations since being used to exit the one of the locations, determining that the anti-passback violation has been committed.
Each of the locations may be accessible via an access point, and the method may further comprise when the anti-passback violation has been determined to have been committed, preventing the tracked individual from entering the one of the locations via the access point.
The method may further comprise receiving a request from a client to de-muster one of the tracked individuals (“de-mustered individual”); and de-mustering the de-mustered individual by receiving from the credentials acquisition device a request by the de-mustered individual to enter the one of the locations; and permitting the de-mustered individual to enter the one of the locations notwithstanding the anti-passback violation.
The de-mustering may further comprise decrementing the counting element displayed on the map for the de-mustered individual by one.
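The anti-passback checks, de-mustering and counting elements described above can be sketched as follows. This is an added example, not code from the disclosure. The class and method names, the 300-second time limit and the sample badge events are assumptions, and "two successive times" is modelled as an entry with no exit recorded since the previous entry.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class MusterTracker:
    """Hypothetical tracker: anti-passback decisions plus per-area head counts."""
    mode: str = "successive"     # "successive" or "timed" anti-passback
    time_limit: float = 300.0    # anti-passback time limit in seconds (assumed)
    groups: dict = field(default_factory=dict)      # group name -> set of areas
    last_entry: dict = field(default_factory=dict)  # (cred, area) -> entry time
    inside: set = field(default_factory=set)        # (cred, area): entered, no exit yet
    present: dict = field(default_factory=dict)     # cred -> (last badged area, time)
    demustered: set = field(default_factory=set)    # creds an operator de-mustered

    def violation(self, cred, area, now):
        if self.mode == "timed":
            prev = self.last_entry.get((cred, area))
            return prev is not None and now - prev < self.time_limit
        return (cred, area) in self.inside

    def request_entry(self, cred, area, now):
        """Return (granted, reason) for a badge read at an entry reader."""
        reason = "granted"
        if self.violation(cred, area, now):
            if cred not in self.demustered:
                return (False, "anti-passback violation")
            reason = "granted after de-muster"   # permitted notwithstanding
        self.demustered.discard(cred)            # a waiver is used once
        self.last_entry[(cred, area)] = now
        self.inside.add((cred, area))
        self.present[cred] = (area, now)
        return (True, reason)

    def request_exit(self, cred, area, now):
        self.inside.discard((cred, area))
        if self.present.get(cred, (None, None))[0] == area:
            del self.present[cred]

    def demuster(self, cred):
        """Operator request: drop the person from the count, waive next violation."""
        self.demustered.add(cred)
        self.present.pop(cred, None)

    def area_counts(self):
        return Counter(area for area, _ in self.present.values())

    def group_count(self, group):
        """Counting element for an area group: (total, per-area breakdown)."""
        counts = self.area_counts()
        per_area = {a: counts[a] for a in sorted(self.groups[group])}
        return (sum(per_area.values()), per_area)

    def listing(self, area):
        """More particular information: (credential, last badged area, time)."""
        return sorted((c, a, t) for c, (a, t) in self.present.items() if a == area)


def demo_successive():
    # Constructed badge events; times are seconds from an arbitrary start.
    t = MusterTracker(groups={"east wing": {"lab", "vault"}})
    out = {}
    out["first"] = t.request_entry("alice", "lab", 0)
    out["passback"] = t.request_entry("alice", "lab", 10)
    t.request_entry("bob", "vault", 20)
    out["group_before"] = t.group_count("east wing")
    t.demuster("alice")
    out["group_after_demuster"] = t.group_count("east wing")
    out["after_demuster"] = t.request_entry("alice", "lab", 30)
    out["passback_again"] = t.request_entry("alice", "lab", 40)
    t.request_exit("alice", "lab", 50)
    out["after_exit"] = t.request_entry("alice", "lab", 60)
    out["lab_listing"] = t.listing("lab")
    return out


def demo_timed():
    t = MusterTracker(mode="timed", time_limit=300.0)
    return [t.request_entry("carol", "lab", s)[0] for s in (0, 100, 400)]


if __name__ == "__main__":
    for key, value in demo_successive().items():
        print(key, value)
    print("timed:", demo_timed())
```
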
The credentials acquisition device may comprise a muster station in one of the locations.
The method may further comprise receiving a request from a client for more particular information about any one or more of the tracked individuals present in any one of the locations; retrieving the more particular information; and displaying, on the display, a listing comprising the more particular information.
The request may comprise a selection of the indication via a user interface.
The more particular information may comprise a name of each of the any one or more tracked individuals.
The more particular information may comprise a last badged location of the tracked individual, the last badged location of the tracked individual comprising the location associated with the credentials acquisition device that last acquired the credentials of the tracked individual.
The more particular information may comprise a last badged time of each of the tracked individuals, the last badged time comprising the time at which the last badged location was acquired.
At least some of the locations may comprise physically enclosed spaces.
At least some of the locations may comprise non-physically enclosed spaces.
The map may comprise a three dimensional rendering of a building.
A non-counting element may be displayed on the map. The non-counting element may provide information other than how many of the tracked individuals are present in any of the locations.
According to another aspect, there is provided a system for tracking and pictorially displaying locations of tracked individuals. The system comprises an access controller; a credentials acquisition device communicatively coupled to the access controller and operable to acquire credentials of the tracked individuals; and a non-volatile memory communicatively coupled to the access controller and having stored thereon the credentials of the tracked individuals and a location associated with the credentials acquisition device. The access controller is configured to perform a method comprising, for each of the tracked individuals, retrieving, as a location of the tracked individual, the location associated with the credentials acquisition device that has acquired the credentials of the tracked individual; and pictorially representing the location of the tracked individual on a display that is communicatively coupled to the access controller.
Pictorially representing the location of the tracked individual may comprise displaying an indication that the tracked individual is present at the location on a map shown on the display.
The map may comprise multiple areas of which each is associated with a different credentials acquisition device and/or set of credentials. The tracked individuals may be present in locations corresponding to the areas, and the indication may comprise a counting element displaying a total number of the tracked individuals in the area corresponding to the location in which the tracked individual is present.
The counting element may overlap at least part of the area corresponding to the location in which the tracked individual is present.
The map may comprise multiple areas of which each is associated with a different credentials acquisition device. The tracked individuals may be present in locations corresponding to the areas, and the indication may comprise a counting element displaying a total number of the tracked individuals in an area group comprising the area corresponding to the location in which the tracked individual is present and at least one of the other areas.
The counting element may overlap at least part of the area group.
The counting element may overlap all of the areas comprising the area group.
The counting element may display a total number of the individuals in the location corresponding to the area in which the tracked individual is present in addition to the total number of the individuals in the locations corresponding to the areas comprising the area group.
The counting element may display a total number of the individuals in each of the locations corresponding to the areas comprising the area group in addition to the total number of the individuals in the locations corresponding to the areas comprising the area group.
The access controller may be further configured to determine whether the tracked individual associated with the acquired credentials has committed an anti-passback violation in association with the location associated with the anti-passback device.
The access controller, to determine whether the anti-passback violation has been committed, may be further configured to determine whether the acquired credentials have been used to access the location two successive times that are separated by less than an anti-passback time limit; and when the acquired credentials have been used to access the location two successive times that are separated by less than an anti-passback time limit, determine that the anti-passback violation has been committed.
The access controller, to determine whether the anti-passback violation has been committed, may be further configured to determine whether the acquired credentials have been used to access the locations two successive times; and when the acquired credentials have been used to access the locations two successive times, determine that the anti-passback violation has been committed.
The access controller, to determine whether the anti-passback violation has been committed, may be further configured to determine whether the acquired credentials have been used to access and to subsequently exit the location, and whether the acquired credentials have not been used to re-enter the location since being used to exit the location; and when the acquired credentials have not been used to access and to subsequently exit the location, and when the acquired credentials have not been used to re-enter the location since being used to exit the location, determine that the anti-passback violation has been committed.
The location may be accessible via an access point, and the access controller may be further configured to, when the anti-passback violation has been determined to have been committed, prevent the tracked individual from entering the one of the locations via the access point.
The access controller may be communicative with a client, and in response to a request from the client to de-muster one of the tracked individuals (“de-mustered individual”), may de-muster the de-mustered individual by permitting the de-mustered individual to enter the location notwithstanding the anti-passback violation.
The access controller may be further configured to decrement the counting element displayed on the map for the de-mustered individual by one.
The credentials acquisition device may comprise a muster station in one of the locations.
The access controller may be communicative with a client, and in response to a request from the client for more particular information stored on the non-volatile memory about any one or more of the tracked individuals present in any of the locations, may retrieve the more particular information from the non-volatile memory; and display, on the display, a listing comprising the more particular information.
The request may comprise a selection of the indication via a user interface.
The more particular information may comprise a name of each of the any one or more tracked individuals.
The more particular information may comprise a last badged location of the tracked individual, the last badged location of the tracked individual comprising the location associated with the credentials acquisition device that last acquired the credentials of the tracked individual.
The more particular information may comprise a last badged time of each of the tracked individuals, the last badged time comprising the time at which the last badged location was acquired.
At least some of the locations may comprise physically enclosed spaces.
At least some of the locations may comprise non-physically enclosed spaces.
The map may comprise a three dimensional rendering of a building.
A non-counting element may be displayed on the map. The non-counting element may provide information other than how many of the tracked individuals are present in any of the locations.
The system may further comprise the client and the display.
According to another aspect, there is provided a non-transitory computer readable medium having encoded thereon computer program code that, when executed by a controller, causes the controller to perform any aspects of the method described above and suitable combinations thereof.
This summary does not necessarily describe the entire scope of all aspects. Other aspects, features and advantages will be apparent to those of ordinary skill in the art upon review of the following description of specific embodiments.
In the accompanying drawings, which illustrate one or more example embodiments:
Directional terms such as “top”, “bottom”, “upwards”, “downwards”, “vertically”, and “laterally” are used in the following description for the purpose of providing relative reference only, and are not intended to suggest any limitations on how any article is to be positioned during use, or to be mounted in an assembly or relative to an environment. Additionally, the term “couple” and variants of it such as “coupled”, “couples”, and “coupling” as used in this description are intended to include indirect and direct connections unless otherwise indicated. For example, if a first device is coupled to a second device, that coupling may be through a direct connection or through an indirect connection via other devices and connections. Similarly, if the first device is communicatively coupled to the second device, communication may be through a direct connection or through an indirect connection via other devices and connections.
As used herein, “A and/or B” means “one or both of A and B”.
Ensuring that only authorized individuals access protected or secured areas may be crucially important (e.g., at an airport, a military installation, an office building, etc.). Protected or secured areas may be defined by physical doors (e.g., doors through which a human may enter) and walls, or may be virtually defined in other ways. For instance, a protected area may be defined as one in which unauthorized entry causes a detector to signal intrusion and optionally send a signal or sound an alarm either immediately or if authorization is not provided within a certain period of time. As another example, a secured area may be virtually defined as a directory of a filing system on a computer that requires the user of that computer to possess a certain clearance prior to being granted access to that directory.
Access control systems may limit entry into protected or secured areas of buildings, rooms within buildings, real property, fenced-in regions, or assets and resources therein, to only those individuals who have permission to enter.
Thus, an access control system should identify the individual attempting to enter the secured area, which may comprise an attempt to access assets, and verify the individual is currently authorized to enter. Described herein are access control systems, devices, and methods that may encompass any suitable access technology, such as the following:
The above list of access technologies is not meant to be exhaustive. Furthermore, some facilities may use combinations of these technologies. The technologies may be used in any environment, including in government facilities, private businesses, public facilities, and in an individual's home.
As a further explanation of some of the above access technologies, some current access control systems use doors equipped with an entry device such as a key pad, through which an individual enters a PIN or password. The key pad has an attached memory or elementary processor in which a list of valid PINs/passwords is stored, so that the PIN/password may be checked to determine whether it still is valid. If the PIN/password is valid, the door opens; otherwise the door remains locked. Such elementary access control mechanisms offer relatively minimal security. For example, a terminated employee may no longer be authorized to go through a door; however, a terminated employee who remembers his PIN still may be able to open the door. Therefore, it would be necessary to “deprogram” the PIN of terminated employees. Such a procedure, however, may be very cumbersome and costly: a facility may have hundreds of doors, and deprogramming all such doors whenever an employee leaves or is terminated may be impractical.
Some current card-based access control systems use radio frequency identification (RFID) technology. The access card reader includes an RFID transceiver, and the access card includes an RFID tag or transponder. The RFID transceiver transmits a radio frequency (RF) query to the card as the card passes over the RFID transceiver. The RF transponder includes a silicon chip and an antenna that enables the card to receive and respond to the RF query. The response is typically an RF signal that includes a pre-programmed identification (ID) number. The card reader receives the signal and transmits the ID number to a control panel using a wired or wireless connection. Current card readers may perform some basic formatting of the identification data prior to sending the data to the control panel, but generally are unable to perform higher level functions.
In addition to provisioning/de-provisioning access to assets such as physical areas, the access controllers, systems, and methods disclosed herein also may provision a user/credential identity store with logical privileges to provide access to logical assets or resources such as files, computing resources, or other computing systems. Furthermore, access to the logical assets or resources may vary depending on the physical location of the individual requesting such access.
The access controllers, control systems, and control methods are described below with reference to the following terms:
In an embodiment, the access controller comprises a computer comprising a processor and a non-transitory computer readable medium communicative with the processor, with the non-transitory medium having stored thereon computer program code that, when executed by the processor, causes the access controller to perform one or more of the methods described herein, or suitable combinations thereof. The computer may run, for example, the Linux™ operating system. The computer may be designed for desktop, rack mountable, cloud based, or embedded use. In one embodiment, the computer provides the necessary processor, storage, and connectivity for the computer program code and all required computer program code is loaded onto the computer without requiring any installation onto any other computer system. In another embodiment, the computer may comprise one or more processors networked with one or more computer readable media, and the computer program code and/or execution thereof may be performed in a distributed manner across more than one of the processors.
The access controller provides an improved way to maintain credentials and associated access privileges and to transmit in real time events using an existing information technology (IT) infrastructure and databases without the need to access or otherwise use proprietary communication protocols.
The access controller, as a self-provisioning access device, may obtain and maintain a cached list of credentials and associated access privileges; these data allow the access controller to make on-the-spot, real-time access decisions without communication to any other access control system(s). The cache of credentials and associated access privileges may be acquired from one or more host systems periodically, including on a schedule, in real time, or as a complete snapshot. For example, the access controller may, in effect, continuously access a host system directory of access credentials and associated access privileges, and download some or all of the credentials and privileges. In an embodiment, the access controller downloads these data for a select number of individuals. An individual for whom the data are downloaded may be uniquely identified, identified by group association, or identified by assigned role(s).
The access controller may be used either in real time (on demand) or on a schedule, to send real-time events to a logging and monitoring device or system. In one example embodiment, an event may be an access door unlocking or locking, an access door open or closed signal (e.g., from a limit switch or position sensor, or based on a logic routine), an access door fault or unusual operation (open for a time exceeding a variable threshold), etc. The events may be sent in any number of formats, including XML, directly into a relational database or system logging facility of any number of remote devices or systems. If connectivity is lost, the access controller may buffer the events and may continue event transmission when connectivity is re-established.
The access controller may comprise or provide a browser-accessible user interface. The interface provides an access control system operator the ability to configure any number of access points (e.g., doors) and their operation, and associated mapping to individuals and/or groups (on an individual basis, group basis, and/or defined role basis) to convey access privileges. With the same interface, the operator may configure the access controller to communicate with credential sources, including credential sources implemented in or using a relational database, a directory or hierarchical data store, flat files such as a comma-separated value (CSV) file, any common ASCII file, a Unicode file, or any suitable text file.
With the interface, the operator selects and configures a type of data synchronization including timed intervals, scheduled, on-demand, and real-time. The synchronization methods may include subscription, in which a host access credentials and policy system “pushes” information changes to the access controller; audit trail, in which the access controller requests information updates; or data modification triggers, in which code written into the host system detects information changes and sends the changed information to the access controller. The subscription method may require a persistent, always-on connection between the host system and the access controller while the other two example methods may use a transient connection.
The access controller initiates connection(s) to the sources and retrieves the credential and policy information to build the controller's local cache. Each individual may have a unique identifier to collate the individual's information from multiple sources into a single record. Once transferred to the local cache, the information may be used in access decisions as credentials are presented at access control points.
The access controller may log events, and the logs may be configured with the user interface to establish any number of devices, services, and systems as event recipients. The access controller may send the events to a remote monitoring service in any number of formats including, for example, SNMP, XML via direct socket connection (GSM, LAN, WAN, WiFi), Syslog, and through a serial port.
The access controller may be used to assign priorities to events. The event priorities may determine which events, and in what order, those events are sent to the remote monitoring service. Alternatively or additionally, the event priorities may determine how the remote monitoring service displays those different events. For example, the events having a relatively high priority may be displayed in an attention attracting manner, such as by using bright colors or large or flashing text, compared to events having relatively low priority.
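The buffering and priority behaviour described in the preceding paragraphs can be sketched as a small forwarder. This is an added example, not code from the disclosure. The class names, the convention that a lower number means higher priority, and the sample door events are assumptions.

```python
import heapq
from itertools import count


class EventForwarder:
    """Hypothetical forwarder: buffers events while the link is down and
    sends them in priority order once it is back."""

    def __init__(self, send):
        self._send = send      # callable(event); raises ConnectionError if link is down
        self._heap = []        # entries are (priority, sequence, event)
        self._seq = count()    # tie-breaker keeps arrival order within a priority

    def emit(self, priority, name, source):
        """Queue an event (lower number = higher priority, an assumption)
        and try to deliver everything pending. Returns how many were sent."""
        event = {"priority": priority, "event": name, "source": source}
        heapq.heappush(self._heap, (priority, next(self._seq), event))
        return self.flush()

    def flush(self):
        sent = 0
        while self._heap:
            # Peek first: the event leaves the buffer only after a successful send,
            # so a dropped link never loses it.
            _, _, event = self._heap[0]
            try:
                self._send(event)
            except ConnectionError:
                break
            heapq.heappop(self._heap)
            sent += 1
        return sent

    def pending(self):
        return len(self._heap)


class FlakyLink:
    """Stand-in for the remote monitoring service (constructed for the example)."""

    def __init__(self):
        self.up = False
        self.received = []

    def send(self, event):
        if not self.up:
            raise ConnectionError("monitoring service unreachable")
        self.received.append(event)


def demo():
    link = FlakyLink()
    fwd = EventForwarder(link.send)
    # Constructed events raised while connectivity is lost.
    fwd.emit(3, "door closed", "door-1")
    fwd.emit(1, "door held open", "door-2")
    fwd.emit(2, "door unlocked", "door-1")
    fwd.emit(1, "lock stuck unlocked", "door-3")
    buffered = fwd.pending()
    link.up = True                      # connectivity re-established
    flushed = fwd.flush()
    live = fwd.emit(3, "door open", "door-1")
    order = [e["event"] for e in link.received]
    return buffered, flushed, live, order


if __name__ == "__main__":
    print(demo())
```
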
The enclosed area 12 includes a computing platform 101 on which are implemented access control features that control, monitor, and report on operation of the door systems 20. The computing platform 101 may be fixed or mobile. The computing platform 101 is shown inside the enclosed area 12 but need not be. In executing its control, monitoring, and reporting functions, the computing platform 101 with its access control features may communicate external to the enclosed area 12 by way of a network 50 with the (remote) directory 200 and with (remote) event monitoring workstation 300. The network 50 may be wired and/or wireless, and may provide for secure communications and signaling in addition to non-secure communications and signaling.
The enclosed area 12 may be a room in a building, the building itself, or any other structure. The enclosed area 12 is not limited to a six-sided configuration. The enclosed area 12 could be an open structure (e.g., a sports stadium), a fenced-in area (e.g., an area surrounding a runway), or an area having an “invisible” fence or “virtual walls.” The enclosed area 12 may be geographically fixed (e.g., a building, a room in a building) or mobile (e.g., a trailer, airplane, ship, or container).
The enclosed area 12 may be used to control access to government and/or business premises, classified documents and/or devices contained therein, access to computer systems contained therein, access to individuals, access to valuable items such as rare paintings, jewelry, etc., and access to dangerous materials or systems. The enclosed area 12 may, for example, be a safe or vault at a bank, a control room for a nuclear reactor, a hangar for a classified, new-technology airplane, or a passenger gate at an airport.
In a mobile configuration, the enclosed area 12 may be used, for example, in field operations to quickly establish a secure facility anywhere in the world. The security of such a mobile enclosed area 12 will be apparent from the discussion that follows. Moreover, the mobile enclosed area 12 may be used for very different operations, with different individuals able to access the mobile enclosed area 12, depending on its intended use, by configuration changes implemented through a user interface, as described below. Thus, the access control system 10 provides not only high levels of security, access control, event monitoring, and reporting, but also the flexibility to quickly adapt the mobile enclosed area 12 to any operation or mission, anywhere in the world, for which access control is desired.
Returning to
The peer-to-peer communications 120 allow an access controller 100 to send and receive access status information and events to and from the other access controllers 100 used in the enclosed area 12. Thus, if a door system 20 is inoperative, its associated access controller 100 may provide this information to the other access controllers 100. The peer-to-peer communications 120 allow one access controller 100 to act as a parent (master) access controller and the remaining access controllers 100 to act as child (subservient) access controllers. In this aspect, information and configurations may be stored or implemented on the parent access controller and then may be replicated on the child access controllers.
The access controller 100 may communicate with the door systems 20 using wired and/or wireless secure communications 130.
The door systems 20, which are described in more detail with reference to
The credential & policy directory 200 shown in
A directory 200 may include identification information (e.g., name, age, physical characteristics, photograph) for individuals who may be allowed access to the enclosed area 12, the identification credentials of the individuals (e.g., PIN/password, RFID tag, certificate), and other information.
The event monitoring workstation 300 may be implemented by the same entity as that of the enclosed area 12. Alternatively, the event monitoring workstation 300 may be implemented by and at an entity separate and apart from that of the enclosed area 12.
The event monitoring workstation 300 may receive event data from the access controllers 100.
The locking mechanism 24 includes a remotely operated electro-mechanical locking element (not shown) such as a dead bolt that is positioned (locked or unlocked) in response to an electrical signal sent over the signal path 21 from the door controller 26.
The door controller 26 receives credential information over the signal path 29 from the credential reader 28 and passes the information to the access controller 100 over another signal path 130. The door controller 26 receives lock/unlock signals from the access controller 100 over the signal path 130. The door controller 26 sends lock mechanism lock/unlock signals over the signal path 21 to the locking mechanism 24.
The credential reader 28 receives credential information 40 for an individual 42. The credential information 40 may be encoded in an RFID chip, a credential on a smart card, a PIN/password input using a key pad, and biometric data such as fingerprint and retina scan data, for example.
The door system 20 operates based on access request signals sent to the access controller 100 and access authorization signals received, in response, from the access controller 100. The door system 20 may incorporate an auto lock feature that activates (locks) the door 22 within a specified time after the door 22 is opened and then shut, after an unlock signal has been sent to the locking mechanism 24 but the door 22 is not opened within a specified time, or under other conditions. The auto lock logic may be implemented in the door controller 26 or the locking mechanism 24.
The door system 20 may send event signals to the event monitoring system 300 by way of the access controller 100. Such signals include door open, door closed, locking mechanism locked, and locking mechanism unlocked. As noted above, the signals may originate from limit switches in the door system 20.
In one example embodiment, a door system 20 may be used only for entry and a separate door system 20 may be used only for egress.
However configured, the door systems 20 may trigger the event that indicates when an individual 42 enters the enclosed area 12 and when the individual 42 has exited the enclosed area 12, based on information obtained by reading credential information 40 of the individual 42 on entry and exit, respectively. These signals may be used to prevent reentry without an intervening exit, for example. The presence or absence of these signals also may be used to prevent access to areas and systems within the enclosed area. For example, the individual 42 may not be allowed to log onto his computer in the enclosed area 12 in the absence of an entry signal originating from one of the door systems 20 of the enclosed area 12. Thus, the access controller 100 and its implemented security functions may be a first step in a cascading series of access operations to which the individual may be exposed.
The door systems 20 may incorporate various alarms such as for a propped open door 22, a stuck unlocked locking mechanism 24, and other indications of breach or fault.
The access control system 10 may also be used to track individuals who access the enclosed area 12 using the credentials 40 in a process referred to as “mustering”. Mustering comprises using an individual's credentials 40 to determine whether that individual is within one of the enclosed areas 12 monitored by the access control system 10, and if so, which of the enclosed areas 12 that is. Referring now to
In the depicted embodiments, the map 400 is a two-dimensional, pictorial representation of a real world location. In alternative embodiments, however, the two-dimensional map 400 may be replaced with a different type of pictorial representation. For example, the map 400 may be rendered in three dimensions and represent an entire building as opposed to a floorplan of one floor of the building. More generally, the map 400 may be replaced with any pictorial representation of a real world location, such as one or more buildings, one or more floors of a building, a bank vault, a power plant, a room, an office tower, and portions thereof.
Referring now to
In one example embodiment the web server 1203 may be an Nginx server configured to have both web server and reverse proxy functionality, but in alternative embodiments the web server 1203 may comprise a different type of server.
The database 1210 is communicative with the application server 1202, the HAL 1206, and the realtime server 1204. The middleware 1208 sends messages to the realtime server 1204 and is also communicative with the HAL 1206. The database 1210 may, for example, be a lightweight directory access protocol (LDAP) database. The middleware 1208 may, for example, be a Redis data structure server that also serves as a fast, in-memory cache as well as messaging middleware that implements a publish/subscribe messaging system.
While the browser 1200 is shown in
Stored in the database 1210 are records including information such as a list of the credentials 40 associated with the tracked individuals, identification information for the tracked individuals, and information regarding which of the credentials 40 have been assigned to which of the tracked individuals. In
While the computing system 101 of
When an individual presents credentials 40 to a credentials acquisition device such as the credentials reader 28, the reader 28 reads a token from the credentials 40 and transmits the token to the door controller 26, which in turn relays the token to the controller 100. Once the HAL 1206 receives the token, the controller 101 generates and logs transaction data. The transaction data comprises the token, the location (in terms of one of the areas 12) secured by the credentials reader 28 that obtained the token, and a date and time stamp of when the credentials reader 28 read the token. This transaction data is sent to the database 1210 where the identity of the tracked individual associated with the token is retrieved and logged with the transaction data. The token counts in the middleware 1208 are subsequently updated, and the middleware 1208 pushes the token count for each of the areas 12 to the realtime server 1204 for transmission to and display on the workstation 300 via the browser 1200. In this way the database 1210 and the middleware 1208 store up-to-date data regarding which tokens are associated with which areas 12, which corresponds to which tracked individuals are located in which areas 12.
In
The controller 100 permits the operator of the access control system 10 to monitor security related events using the map 400. A “security related event” that the access control system 10 can monitor may be any event that the access control system 10 can detect using one or both of its hardware and software or those events fed to it from external systems. A security related event may, for example, be any of the doors opening or closing, the lock on any of the doors being tampered with, a certain number of people being in one of the areas 12, an unauthorized entry via any access point such as a door or window, motion detected by a camera, power failure on hardware connected to or comprising part of the access control system 10, computer network activity, feeds from external systems that are interfaced with the access control system 10, an operator of the access control system 10 logging into or accessing the access control system 10, and an operator of the access control system 10 accessing or changing certain data that the access control system 10 stores, such as data in the database 1210 relating to locations of tracked individuals.
The map 400 of
The operator creates and configures the map 400 prior to using it. Prior to creating the map 400, the operator configures the map elements 402. In order to configure the map elements 402, the operator may perform the method 900 shown in
Referring now to the method 1000 of
Referring now to
Each of the area groups is represented by a counting element that is shown on the map 400. Although not depicted, the operator may graphically associate the areas 12 and area groups defined in
The panel 604 provides the operator with a variety of options when customizing the interface 600. For example, as shown in
Referring now to
Referring now to
The method begins at block 1302 where the browser 1200 makes a connection to the realtime server 1204 via the web server 1203 in response to the operator viewing the map 400, as alluded to above in respect of
As mentioned above, when the door controller 26 permits someone access to one of the areas 12 in response to being presented with credentials 40, the database 1210 is updated with the new token count for the area 12 in question, and the middleware 1208 is subsequently updated with this new token count. Once updated, the middleware 1208 publishes a notification to the realtime server 1204 that the token count in one of the areas 12 has changed; in the event the token counts in more than one of the areas 12 have changed, the middleware 1208 publishes multiple notifications.
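The transaction logging and per-area count notifications described above can be sketched as follows. This is an added example, not code from the specification: the class and method names, the in-memory dictionaries standing in for the database 1210 and the middleware 1208, and the handling of unassigned tokens are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Transaction:
    token: str           # value read from the credentials
    area: str            # area secured by the reader that read it
    timestamp: datetime  # when the reader read the token


class MusterCounts:
    """In-memory stand-in for the database log plus middleware counts."""

    def __init__(self, directory):
        self.directory = directory  # token -> individual (constructed sample)
        self.token_area = {}        # token -> area it is currently counted in
        self.counts = Counter()     # area -> number of tokens
        self.log = []               # (Transaction, identity or None)
        self.subscribers = []       # callbacks standing in for the realtime server

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def record(self, token, area, when=None):
        """Log one read and return the areas whose counts changed."""
        tx = Transaction(token, area, when or datetime.now(timezone.utc))
        identity = self.directory.get(token)
        self.log.append((tx, identity))
        if identity is None:
            return []  # assumption: unassigned tokens are logged, not counted
        previous = self.token_area.get(token)
        if previous == area:
            return []  # same area again: no count changes, nothing to publish
        changed = []
        if previous is not None:
            self.counts[previous] -= 1
            changed.append(previous)
        self.counts[area] += 1
        self.token_area[token] = area
        changed.append(area)
        # One notification per changed area, sent after both counts are
        # updated so subscribers never see the token counted twice.
        for name in changed:
            for callback in self.subscribers:
                callback(name, self.counts[name])
        return changed
```

A token moving from one area to another changes two counts, so it produces two notifications, matching the multiple-notification case in the paragraph above.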
Referring now to
At block 1110, the operator determines whether all of the tracked individuals are in safe areas. If so, the operator may proceed to block 1118 where the method 1100 ends. However, in the map 400 of
Referring now to
The controller 100 may alert the operator to the occurrence of one or more of the security related events by displaying an alarm panel 500, such as that shown in
The alarm panel 500 also comprises a row of buttons 512: an “acknowledge” button that permits the operator to acknowledge the alarm, which dismisses it; a “camera” button and a “recorded video” button to view live and recorded video, respectively, from a camera recording a region where the event triggering the alarm occurred (e.g., if the alarm is that an invalid credential has been presented, the video may be of the individual presenting the credential; an example video is shown in
Anti-passback
In one embodiment, the system attempts to prevent the tracked individuals from “passing back” their credentials 40; that is, from using their credentials 40 to let a third party into one of the areas 12 without first exiting that area 12. To implement functionality that prevents passing back from occurring (“anti-passback functionality” or “APB functionality”), the access control system 10 may use credential readers 28 inside and outside of the areas 12 and require that credentials 40 be presented to those readers 28 in order to enter and exit the areas 12. For example, if a tracked individual presents his or her credentials 40 to one of the readers 28 to enter one of the areas 12, then presents his or her credentials 40 again to leave one of the areas 12, and then tries to re-enter that area 12 by presenting his or her credentials 40 again, the controller 100 would not conclude an anti-passback violation has occurred. However, if a tracked individual presents his or her credentials 40 to one of the readers 28 to gain access to one of the areas 12 and then passes his or her credentials 40 back to a third party who tries to enter the area 12 with those credentials 40 without the tracked individual first having left the area 12, the controller 100 would determine that an anti-passback violation has occurred. In another embodiment (not depicted), the anti-passback violation may only be triggered if a tracked individual presents his or her credentials 40 to gain access to one of the areas 12 and if the door 22 to that area 12 is opened and closed after unlocking in response to the presentation of the credentials 40; this addresses the scenario in which the individual may be granted access to, but not actually enter, the area 12.
Various rules, which can be stored in the credential and policy directory 200, can be used to determine whether or not an anti-passback violation has occurred:
The access control system 10 also permits the operator to de-muster the areas 12. In one embodiment, de-mustering allows the operator to temporarily suspend the APB rules to permit one or more of the tracked individuals to enter an area 12 notwithstanding that doing so would trigger an anti-passback violation but for the suspension of the APB rules. The operator may de-muster in this manner by selecting any one or more tracked individuals, in which case the APB rules are suspended for those one or more tracked individuals; any one or more counting elements for the areas 12, in which case the APB rules are suspended for any tracked individuals in those one or more areas 12; and any one or more counting elements for the area groups, in which case the APB rules are suspended for any tracked individuals in those one or more area groups. For example, if the APB rules are preventing a tracked individual from re-entering an area 12 he or she had previously been in, suspending the APB rules permits that individual to re-enter that area 12 regardless of whether doing so would result in an anti-passback violation but for the suspension of the APB rules. De-mustering may be used after an emergency situation has ended, for example, and the operator wishes to permit all tracked individuals to return to the areas 12 from which they came without having to consider whether doing so will result in any anti-passback violations. In an alternative embodiment, de-mustering may comprise resetting, as opposed to only temporarily suspending, the APB rules. When de-mustering is done in this manner, any counting elements on the map 400 showing the location of the tracked individuals being de-mustered are updated once those individuals present their credentials 40 to enter a new area 12.
In some embodiments, the controller 100 records in the database a “last area” attribute representing the last area 12 in which the tracked individual is recorded as being present. In these embodiments, de-mustering may additionally or alternatively comprise the operator manually updating the last area attribute for any one or more tracked individuals. As described in the immediately preceding paragraph, the operator may select which of the tracked individuals to de-muster on a per individual basis, on a per area 12 basis, or on a per area group basis. More than one of the tracked individuals may be simultaneously de-mustered, in which case the operator may select a new last area for all of the individuals being de-mustered, and the controller 100 may then simultaneously update the last area attribute for all of these de-mustered individuals. Once the last area attribute is updated, the controller 100 updates the counting elements on the map 400 to reflect the new last area for the de-mustered individuals.
Alternatively or additionally, de-mustering one of the tracked individuals comprises deleting from the database 1204 the last area for that individual, updating the map 400 by decrementing the counting element associated with that individual by one, waiting for the individual to again present his or her credentials 40 to one of the credential readers 28, and then updating the last area attribute and the map 400 once the controller 100 obtains a new area 12 for that individual by virtue of having read the credentials 40. As above, de-mustering in this manner may be done on a per tracked individual, per area 12, or per area group basis.
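The anti-passback check and the three de-mustering variants described above (suspending the APB rules, deleting the last area, and manually setting a new last area) are shown together in the following added example, which is not code from the specification. It implements only the rule spelled out in the text, that re-entering an area without an intervening exit is a violation; the class and method names and the choice to end a suspension at the next granted entry are assumptions.

```python
from collections import Counter


class AntiPassback:
    """Entry/exit readers per area; state is the 'last area' per token."""

    def __init__(self):
        self.last_area = {}     # token -> area the token is recorded inside
        self.suspended = set()  # tokens with APB rules temporarily suspended
        self.violations = []    # (token, area) for each refused entry

    def counts(self):
        """Per-area totals, as a counting element on the map would show."""
        return Counter(self.last_area.values())

    def enter(self, token, area):
        """Entry-side read. Returns True when access is granted."""
        if self.last_area.get(token) == area and token not in self.suspended:
            self.violations.append((token, area))
            return False
        # Assumption: a suspension is consumed by the entry it permits.
        self.suspended.discard(token)
        self.last_area[token] = area
        return True

    def exit(self, token, area):
        """Exit-side read. Clears the record so a later re-entry is valid."""
        if self.last_area.get(token) == area:
            del self.last_area[token]
        return True

    def _select(self, tokens, areas):
        # Selection per individual and/or per area, as the operator would pick.
        in_areas = {t for t, a in self.last_area.items() if a in areas}
        return set(tokens) | in_areas

    def demuster_suspend(self, tokens=(), areas=()):
        """Suspend APB for chosen individuals or everyone in chosen areas."""
        self.suspended |= self._select(tokens, areas)

    def demuster_reset(self, tokens=(), areas=()):
        """Delete the last area; the area count drops until the next read."""
        for token in self._select(tokens, areas):
            self.last_area.pop(token, None)

    def demuster_move(self, new_area, tokens=(), areas=()):
        """Operator sets one new last area for all selected individuals."""
        for token in self._select(tokens, areas):
            self.last_area[token] = new_area
```

Every de-mustering call changes what the controller will accept at a door, so each one is worth recording as a security related event alongside the operator who issued it.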
While in the above embodiments the controller 100 performs mustering by monitoring who has entered the areas 12 via the door systems 20, in alternative embodiments (not depicted) mustering may additionally or alternatively be performed in one or more other ways. For example, the controller 100 may be configured to require individuals to present their credentials 40 to a muster station (not shown) within the areas 12 that does not grant the individuals access into or out of any of the areas 12 but that the controller 100 nonetheless uses to determine who is present in which of the areas 12. The muster station may or may not be a standalone device and comprises the credential reader 28 to permit it to read the individuals' credentials 40. Using a mustering station that is decoupled from the door systems 20 permits the controller 100 to accurately track individuals notwithstanding a passback violation that may have granted those individuals access to the areas 12 without first scanning those individuals' credentials 40.
It is contemplated that any part of any aspect or embodiment discussed in this specification can be implemented or combined with any part of any other aspect or embodiment discussed in this specification.
For the sake of convenience, the example embodiments above are described as various interconnected functional blocks. This is not necessary, however, and there may be cases where these functional blocks are equivalently aggregated into a single logic device, program or operation with unclear boundaries. In any event, the functional blocks can be implemented by themselves, or in combination with other pieces of hardware or software.
While particular embodiments have been described in the foregoing, it is to be understood that other embodiments are possible and are intended to be included herein. It will be clear to any person skilled in the art that modifications of and adjustments to the foregoing embodiments, not shown, are possible.
This is the U.S. National Stage of International Application No. PCT/CA2015/015274, filed Dec. 4, 2015, which was published in English under PCT Article 21(2), which in turn claims the benefit of U.S. Provisional Application No. 62/088,281, filed Dec. 5, 2014.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CA2015/051274 | 12/4/2015 | WO | 00 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2016/086315 | 6/9/2016 | WO | A |
Number | Date | Country | |
---|---|---|---|
20170270722 A1 | Sep 2017 | US |
Number | Date | Country | |
---|---|---|---|
62088281 | Dec 2014 | US |