1. Field of the Invention
The field of the invention relates to access control systems generally, and more particularly to certain new and useful advances in offline smart-card readers and their integration with a networked physical access control system (“PACS”) via one or more smartcards, of which the following is a specification, reference being had to the drawings accompanying and forming a part of the same.
2. Discussion of Prior Art
Traditionally, a PACS has been either online or offline. An online, or networked, PACS stores an individual's access privileges in a database on single or multiple controllers, which are connected to credential reading devices (e.g., “reader” or “reader/writer”) that control access to entry/exit points, such as doors. An online PACS is typically deployed in situations where access control privileges change often with time, and in situations where access control of a facility needs to be as strong and secure as possible.
The offline PACS 118 also pushes the access privilege information and decision-making capabilities to the offline reader 106, which is capable of reading the smartcard identifier 211 from a smartcard 200 when the smartcard 200 is presented. In the offline PACS 118, a copy of the replicated master database 105 containing each smartcard identifier 211 and its associated access privileges is stored at every entry/exit point, i.e., on each offline reader 106. Unlike the online readers 108 in the online PACS 116, each offline reader 106 is not connected to a central point or amongst each other. Consequently, updating access privilege information is difficult, since the requisite database (or firmware) modifications must be done manually for each and every offline reader 106.
Embodiments of an improved physical access control system (“PACS”) and methods for operating the same are disclosed herein.
Embodiments of the invention address a long-standing problem, which is the need to manually update access control information at the PACS' offline entry/exit points. Embodiments of the invention also update the access control information of the offline portions of a PACS more frequently than is possible in a conventional PACS. Additionally, embodiments of the invention avoid the need to update offline access control information via controllers, which sometimes become overloaded. Embodiments of the invention also avoid the need to manually update each offline reader with updated copies of a replicated master database.
Embodiments of the invention also have other advantages including cost and ease of deployment. In terms of business, it translates to lower cost product for customers who have a few entry points offline, such as main gates, because it is not necessary to hardwire the readers that operate the offline entry points. Consequently such customers are able to inexpensively expand the area of a facility that employs access control features.
In contrast to the conventional PACS described above, embodiments of the invention are able to receive information about the operational status of a PACS' offline reader(s). Embodiments of the invention are also able to update a smartcard's credentials when the smartcard interacts with a PACS' online reader. Additionally embodiments of the invention provide a smartcard that is configurable to control access to an offline entry/exit point based on information read from an offline reader coupled with the offline entry/exit point.
In an embodiment, a PACS comprises an online (networked) portion, an offline portion, and a smartcard configurable to transfer information between the online portion and offline portion. The information to be transferred comprises at least one of access control information, credentials, and data from the offline portion of the PACS. The data from the offline portion of the PACS comprises transactional information and/or offline-reader status information.
Other features and advantages of the disclosure will become apparent by reference to the following description taken in connection with the accompanying drawings.
Reference is now made briefly to the accompanying drawings, in which:
Like reference characters designate identical or corresponding components and units throughout the several views, which are not to scale unless otherwise indicated.
As used herein, an element or function recited in the singular and proceeded with the word “a” or “an” should be understood as not excluding plural said elements or functions, unless such exclusion is explicitly recited. Furthermore, references to “one embodiment” of the claimed invention should not be interpreted as excluding the existence of additional embodiments that also incorporate the recited features.
The term “smartcard” refers to a portable apparatus comprising a computer processor that is configurable to control (e.g., “grant or deny”) access to an offline entry/exit point, to provide credentials to an online entry/exit point, and/or to store access control information and/or the credentials in a computer-readable memory.
“Access control information”, comprises data such as, but not limited to: offline reader status information, timestamp information, a revoked list, reader instructions to grant or deny access to an entry/exit point (e.g., to unlock, lock, open, or close a door), and so forth. “Access control information” also comprises data such as, but not limited to, new or updated programs, byte codes, assemblies, scripts, and executables that are unique to a facility for which a PACS is implemented. An “assembly” is a partially compiled code library for use in deployment, versioning and security in the Microsoft .NET framework.
“Credential information”, e.g., “credentials,” refers to a smartcard holder identifier (e.g., “badge id”) and/or to the access privileges associated therewith that are unique to a given smartcard holder for a section of the facility or the whole of the facility. A non-limiting example of “credentials” is a physical access control list containing an offline reader identifier, a smartcard holder identifier, and one or more access privileges associated therewith.
The term “door” refers to any type of barrier used to control access through an entry/exit point.
An offline “reader identifier” is a set of alphabetic, numeric, or alphanumeric characters, which is uniquely associated with an offline reader of a PACS. An online “reader identifier” is a set of alphabetic, numeric, or alphanumeric characters, which is uniquely associated with an online reader of a PACS. A reader can have different schemes to code its unique “reader identifier.” That way of example, and not limitation, a reader identifier may comprise one or more of the following elements:
an organization identifier;
The facility identifier may comprise a building identifier and/or a zone identifier. Various combinations of any of the above listed elements are possible. One non-limiting example of such a reader identification scheme is shown below.
A “smartcard holder identifier” comprises a set of alphabetic, numeric, or alphanumeric characters, which is uniquely associated with a smartcard holder of a PACS. Any suitable smartcard holder identification scheme can be used.
The term “smartcard holder” refers primarily to a person to whom the smartcard is uniquely assigned; but in certain contemplated embodiments, can also refer to an animal or a machine (e.g., a robot) to which a smartcard is uniquely assigned.
The term “reader” refers to a device configurable to read data from a smartcard and/or to write data to the smartcard.
In some embodiments, the access control information is transmitted between a reader and the smartcard and/or stored on the smartcard in the clear. In other embodiments, the access control information is transmitted between a reader and the smartcard and/or stored on the smartcard as encrypted data. Encrypted access control information with signature helps check for any changes in the access control information and the correctness of the source of the access control information. Similarly, in some embodiments, the credentials are transmitted between a reader and the smartcard and/or stored on the smartcard in the clear. In other embodiments the credentials are transmitted between a reader and the smartcard and/or stored on the smartcard as encrypted data.
A host—controller (e.g., first) communications path 322 links the host computer 302 with an online controller 304, on which is stored a replicated master database 305. The replicated master database 305 is a copy of the master database 303 and is updated either by changes to the master database 303 or by changes made to the smartcard 301 by an offline reader 306. Online controller—reader (e.g., second) communications paths 324 link to the controller 304 with one or more online readers 308. One or more online reader—entry/exit point communications paths 326 link each of the online readers 308 with an entry/exit point 312. In one embodiment each entry/exit point 312 is a door having an electronic lock.
In the offline portion 318 an offline reader 306, which stores an offline reader identifier 307, instead of a copy of the replicated master database 305, is coupled with an offline entry/exit point 314 via an offline reader—entry/exit point (e.g., third) communications path 330.
A specially configured smartcard 301 stores (e.g., carries) and/or transmits access control information 309 between the online portion 316 and the offline portion 318 of the PACS 300. The smartcard 301 also stores (e.g., carries) credentials 311.
In direct contrast to conventional smartcards, which store only smartcard identifiers, embodiments of the invention provide a smartcard 301, which is configurable as an information, data, or program carrying bridge between an online portion 316 of a PACS and its offline portion 318. In further contrast to conventional smartcards, embodiments of the claimed smartcard 301 are configurable to store access control information 309 that is: (i) transmitted from a PACS' online portion 316 to a particular target offline reader 306, (ii) transferred from one offline reader 306 to another, or (iii) transferred from one or more offline readers 306 to the PACS' online portion 316. In an embodiment, this manner of carrying access control information 309 via one or more smartcards for 301 to the target offline readers 306 is used to instruct the offline portion 318 of the PACS 300 to achieve a result, such as, but not limited to: banning an entry, banning an exit, channeling a smartcard holder in a desired direction, locking the smartcard holder in a predetermined area, etc. Embodiments of the smartcard 301 described and claimed herein are configurable to track the movements and identities of the smartcard holder.
In an embodiment of a PACS 300, one or more types of access control information 309 (such as a revoked list) will flow from its online portion 316 to the offline portion 318 of the PACS 300, as indicated by the arrow 320; however, in some embodiments offline reader status information (e.g., another type of access control information 309) will flow from the offline portion 318 to the online portion 316 of the PACS 300.
Access control information 309 is usually available at the online host computer 303 or stored in the replicated master database 305 of an online controller 304; however, in embodiments of a PACS 300, one or more types of access control information 309 can also be transferred to one or more offline readers 306 using the smartcard 301.
For example, in one embodiment where the access control information stored in the master database 303 and/or in the replicated master database 305 comprises both an updated access control list and a revoked list, the access control information 309 stored on the smartcard 301 can be updated as the smartcard 301 (e.g., badge) passes through the online portion 316 of the PACS 300. Thus, as the smartcard holder approaches an online reader 308 located at an entry/exit point 312, the online reader 308 transmits the updated access control list and/or and a revoked list to a memory of the smartcard 301.
In an embodiment, as a smartcard holder approaches an offline reader 306 located at an entry/exit point 314 of an offline portion 318 of the PACS 300, the offline reader 306 powers up and transmits its unique offline reader identifier 307 to the smartcard 301. The smartcard processor (408 in
In one embodiment, the smartcard 301 is configurable to send the “grant access” signal or the “deny access” signal to the offline reader 306. This type of proactive smartcard-to-offline reader communication is unique and believed not to have been deployed in a PACS before. In this type of communication, the smartcard 301 proactively sends various types of access control information to the offline reader 306, instead of the offline reader 306 seeking only a smartcard identifier from the smartcard 301. Additionally, in this type of communication, the smartcard 301, and not the offline reader 306, controls (e.g., determines whether to grant or deny) access to the offline entry/exit point 314. That said, the offline reader 306 may, in one embodiment, be configured to supplement the access control decision made by the smartcard 301, by checking a revoked listed stored in a memory of the offline reader 306 to determine whether the revoked list contains the smartcard identifier, and, depending on the results of the comparison, affirming or countermanding the “grant access” signal previously outputted by the smartcard 301.
In
Examples of updated data that originates in the offline portion 318 of the PACS 300 comprise, but are not limited to: transactional information and offline-reader status information.
In one embodiment, transactional information comprises a record of an event that occurs within the PACS 300. Depending on the embodiment, an event comprises one or more of: granting access, denying access, a change of access conditions, an indication of attempted—but unauthorized—access, and the like. In an embodiment, the updated record 341 stored in a memory of the smartcard 301 comprises updated transactional information.
In one embodiment, offline-reader status information comprises a record of an offline-reader's last-transmitted operational status. For example, in another embodiment, the offline reader 306 transmits updated data (e.g., offline reader status information) to the smartcard 301, which stores the updated data received from the offline reader 306 as an updated record 341. Thereafter the smartcard 301 moves along the path 328 to the online portion 318 of the PACS 300. As the smartcard 301 passes an appropriately configured online reader 308, the smartcard 301 the updated record 341 is transmitted to or read by the online reader 308. The updated data from the offline reader 306 is then stored as updated record 340 in both the replicated master database 305 and in the master database 303.
Referring to
Referring to
The method 700 further comprises transferring 704 information between the smartcard 301 and the online reader 308 or between the smartcard 301 and the offline reader 306 over the secure communication channel.
In an embodiment, information transferred between the online reader 308 and the smartcard 301, e.g., “transferred information 750,” comprises new or updated access control information 751, new or updated credentials 752, and/or updated data 753 from an offline portion 318 of the PACS 300.
In an embodiment, information transferred between the smartcard 301 and the offline reader 306, e.g., “transferred information 750,” comprises, an offline-reader identifier, new or updated access control information, and/or updated data 753 from an offline portion 318 of the PACS 300. The updated data 753 from an offline portion 318 of the PACS 300 comprises transactional information 754 and/or offline-reader status information 755.
The transferred information 750 may be encrypted (by the cryptography co-processor 406 of
The method 700 further optionally comprises verifying 706 the transferred information 750.
The method 700 further optionally comprises storing 708 the transferred information 750 and/or closing 710 the secure communication channel. In an embodiment, the transferred information 750 is stored on the smartcard 301, e.g., in a memory of the smartcard 301. In another embodiment, the transferred information 750 is stored on a controller 104, e.g., in a replicated master database 305. In one embodiment, the transferred information 750 is stored on a host server 302, e.g., in a master database 303.
Referring now to
In the same embodiment, the step of transferring 704 information is further performed by the smartcard 301 and further comprises reading 720 a new or updated record 340 from an online reader 308. In the same embodiment, the step of transferring 704 information is further performed by the smartcard 301 and further comprises storing 722 the updated record 340 in a memory of the smartcard 301 as new or updated record 341. In this embodiment, the new or updated record 340 may comprise new or updated access control information and/or new or updated credentials.
Referring still to
Referring still to
Referring still to
As mentioned above, the method 700 further optionally comprises verifying 706 the transferred information 750.
Referring now to
In an embodiment where the transferred information 750 is encrypted, the step of verifying 706 the transferred information comprises performing 734 a Message Authentication Code (“MAC”) algorithm, and outputting 736 a tag, e.g., a MAC, which protects the data integrity and authenticity of the transferred information.
In one embodiment, the step of verifying 706 the transferred information comprises authenticating 738 a digital signature. A digital signature scheme typically comprises a key generation algorithm, a signature algorithm, and a verification algorithm.
In one embodiment, the step of verifying 706 the transferred information comprises performing 740 a hash function, which is a mathematical function for converting data into a relatively small integer.
If the smartcard 301 is determined not to be valid, the method 800, the method may further comprise denying 814 access to the offline entry/exit point 314. The method 800 may further comprise logging, transmitting, or storing 816 transactional information. The transactional information may be logged to the offline reader 306, transmitted by the offline reader 306 to the smartcard 301, and stored on the smartcard 301.
If the smartcard 301 is determined to be valid, of the method 800 may further comprise transferring 806 the offline reader identifier (307 in
The method 800 may further comprise determining 812 the access privileges, if any, associated with the smartcard holder identifier and the received offline reader identifier. If no access privileges exist, the method 800 may further comprise denying 814 access to the offline entry/exit point 314 and/or logging, transmitting, or storing 816 transactional information. The transactional information may be logged to the offline reader 306, transmitted by the offline reader 306 to the smartcard 301, and stored on the smartcard 301. If access privileges exist, the method 800 may further comprise sending 818 a “grant access” signal to the offline reader 306.
In an embodiment, where the smartcard 301 acts as a carrier of a revoked list, the method 800 may further comprise transmitting 820 the revoked list from the smartcard 301 to the offline reader 306. A non-limiting example of a revoked list is a revoked badge list. In an embodiment, a revoked list is a listing of smartcard identifiers and offline reader identifiers for which previously granted access privileges have been revoked, that a smartcard 301 carries between an online reader 308 and an offline reader 208. In embodiments, the revoked list carried by the smartcard 301 contains only the smartcard identifiers of other smartcards.
In an embodiment, a memory of the smartcard 301 receives the revoked list from an online reader 308 as the smartcard 301 moves through the online portion of the PACS. Thereafter, as the smartcard 301 moves through the offline portion of the PACS, it transfers (e.g., sends) 820 the revoked list to a memory of each offline reader 306 to which it is presented. In this manner, the revoked list is distributed to one or more offline readers 306 by smartcard holders passing between the online portion 316 and offline portion 318 of the PACS 300. A benefit of this approach is that a smartcard holder who accesses only offline readers 306 for a prolonged period of time (e.g., rarely, if ever, accesses an online reader 308), will have their access privileges revoked more quickly than if their access privileges were revoked only when that particular smartcard holder accessed an online reader 308.
Once the smartcard 301 has transmitted (e.g., sent) the revoked list to the offline reader 306, the method 800 may further comprise granting access 830 to the offline entry/exit point.
In another embodiment, where the smartcard 301 does not act as a carrier of a revoked list, the method 800 proceeds from step 820 (transmitting a “grant access” signal to the offline reader 306) to accessing 822 the revoked list. The method 800 further comprises the offline reader 208 determining 824 whether the smartcard identifier is on the revoked list. If the smartcard identifier appears on the revoked list, the method 800 further comprises the offline reader denying access 828 to the offline entry/exit point 314. If the smartcard identifier does not appear on the revoked list, the method 800 further comprises affirming the previous “grant access” signal received from the smartcard 301 (e.g., may comprise granting 830 access to the offline entry/exit point 314). Granting 830 access may comprise outputting a signal from the offline reader 306 to the offline entry/exit point 314 that opens the offline entry/exit point 314.
In one embodiment, the method 800 may further comprise determining 824 whether the revoked list stored in the offline reader 306, can be verified. Examples of various techniques that can be used to verify the revoked list stored in the offline reader 306 include, but are not limited to: CRC, MAC, hash, and authentication of a digital signature, as described above. If the revoked list stored in the offline reader 306 is verified, the method 800 may further comprise outputting 830 a signal from the offline reader 306 to the offline entry/exit point 314 that opens the offline entry/exit point 314. If not the method 800 may further comprise countermanding the previous “grant access” signal received from the smartcard 301 (e.g., may comprise denying 828 access to the offline entry/exit point 314).
Following either step 828 or step 830, the method 800 may further comprise logging 816 transactional information to the offline reader 306 and/or transmitting, or writing, the transactional information to a memory of the smartcard 301.
Each step, or combination of steps, depicted in
Non-limiting examples of “memory” or “computer readable memory” are: random access memory, read only memory, cache, dynamic random access memory, static random access memory, flash memory, virtual memory, and the like.
A smartcard's dimensions and shape will very depending on the embodiment, but by way of example only, may approximate the shape, and one or more dimensions, of either a credit card or a hardware token.
Although specific features of the invention are shown in some drawings and not in others, this is for convenience only as each feature may be combined with any or all of the other features in accordance with the invention. The words “including”, “comprising”, “having”, and “with” as used herein are to be interpreted broadly and comprehensively and are not limited to any physical interconnection. Moreover, any embodiments disclosed in the subject application are not to be taken as the only possible embodiments. Other embodiments will occur to those skilled in the art and are within the scope of the following claims.