The present application relates to remote access control devices, and more particularly to keypad devices and methods for remote entry to locked facilities.
To gain access to a residential or commercial property, there is usually a telephone entry system that allows visitors to call the property manager or owner and engage in an audio communication via a land line or cellular service. This land line or cell service requires paying a monthly fee. In addition, granting entry by telephone requires participation by the resident, who may wish to admit a guest when the resident is not home. Such systems do not allow convenient entry of guests when the resident is not available to answer a call from the telephone entry system.
To provide a guest access to a residential or commercial facility, a resident or manager may issue a credential such as a radio transmitter, keycode (to be entered on a keypad), or a keycard, to each guest, to be returned when the visit is over. These credentials require cumbersome physical tracking and management. In addition, such credentials are expensive and require expensive access control devices such as radio receivers, keypads, or card readers to be installed at the facility to receive or detect the credential and allow each guest access. Access control devices are often vandalized requiring costly maintenance.
It would be desirable, therefore, to develop new methods and other new technologies for remote access management that overcome these and other limitations of the prior art.
SUMMARY
This summary and the following detailed description should be interpreted as complementary parts of an integrated disclosure, which parts may include redundant subject matter and/or supplemental subject matter. An omission in either section does not indicate priority or relative importance of any element described in the integrated application. Differences between the sections may include supplemental disclosures of alternative embodiments, additional details, or alternative descriptions of identical embodiments using different terminology, as should be apparent from the respective disclosures.
In an aspect of the disclosure, a method for controlling remote access to a physical facility gated by an electro-mechanical lock may include receiving, by at least one processor over a computer network, instructions from a user specifying a lock controller identifier, a time period for which access is granted, and at least one authorized client device identifier. The method may further include providing, by the at least one processor, an online executable code for managing temporary access to the physical facility, based on the instructions, in a network-accessible memory location. The method may further include providing, by the at least one processor to an electronic address specified by the user, a unique link to the online executable code.
Thereafter, the user can provide the link to the guest or guests, each of which can access the online executable code via a web browser operating on a smartphone or the like. When at the facility gate, the guest requests access to the gate via the link, which connects to executable code hosted by a computer on the Internet or equivalent computer network. The executable code authenticates the guest identity and permitted times of access. If the request meets all access criteria, the online executable code causes an access command (e.g., command to unlock and/or open) to be sent to the electromechanical lock via a network interface. The network interface, also called a “hub” herein, may be a modular electronic unit that can be connected to any electromechanical lock having a serial port, or equivalent input/output port.
In related aspects, the method may further include receiving, from a requesting device via the unique link, a request for access to the physical facility. As noted above, this operation may be performed by executable code hosted on the Internet or the like. In a related aspect, the method may include comparing a client identifier originating from the requesting device to the at least one authorized client identifier, and transmitting a command to a control circuit that actuates an unlocking mechanism only if the request meets a predetermined condition. The predetermined condition may include any suitable identity or time constraints. For example, the predetermined condition may require one or more of the client identifier originating from the requesting device matching the at least one authorized client identifier, or a time at which the apparatus receives the request for access is within the time period for which access is granted. In some embodiments, the at least one authorized client identifier may be, or may include, an electronic address for an authorized client device, for example, a unique telephone number or Internet address. In addition, or in an alternative, the at least one authorized client identifier may be, or may include, a password or electronic identity token, with or without an account identifier.
In another aspect, the method may include transmitting the command to a cellular network transceiver (e.g., the hub) coupled to a controller of the electro-mechanical lock. The method may include receiving data from the controller of the electro-mechanical lock via the cellular network transceiver. Thus, for example, a user may be able to check operational status of the electro-mechanical lock controller without a visit to the physical facility.
In another aspect, the method may include authenticating the remote user who sets up the guest pass online, for example, using a username and password, with or without 2-factor authentication. Authentication should be secure enough to prevent issuance of unauthorized guest passes. In addition, users should be able to cancel or amend guest passes, for example by changing the access period or adding/removing guest users. Accordingly, the method may include updating at least one of the lock controller identifier, the time period for which access is granted, or the at least one authorized client identifier, in response to a request from the user.
In related aspects, an apparatus for remote access to a physical facility gated by an electro-mechanical lock may include a network interface and at least one processor coupled to a memory and to the network interface, wherein the memory holds program instructions that when executed by the at least one processor, cause the apparatus to perform operations of the methods described herein. The apparatus may be, or may include, a networked computer server. A wireless communication hub coupled to a controller for the electro-mechanical lock for physically unlocking and/or opening access to the physical facility may, together with the computer server, make up a system for providing temporary access to a physical facility. Such a system may further include one or more client devices, for example, a guest's smartphone and a personal computer or smartphone used by the owner, resident or property manager to configure each guest pass generated by the server.
In other aspects of the disclosure, a remote access control apparatus includes features for controlling an electro-mechanical actuator for locking or unlocking a door mechanism in response to a signal from a wireless interface. The signal is generated by an application in communication with the access control apparatus via a wide area network or other electronic communication network. The access control apparatus lacks functionality for alerting a user of the application when access is requested. Instead, the person requesting access does so using a communication method and channel independent of the apparatus, for example, a telephone call, or connecting to a computer server.
To the accomplishment of the foregoing and related ends, one or more examples comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the examples may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed examples, which encompass all such aspects and their equivalents.
The features, nature, and advantages of the present disclosure will become more apparent from the detailed description set forth below when taken in conjunction with the drawings in which like reference characters identify like elements correspondingly throughout the specification and drawings.
Various aspects are now described with reference to the drawings. In the following description, for purposes of explanation, numerous specific details are set forth to provide a thorough understanding of one or more aspects. It may be evident, however, that the various aspects may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form to facilitate describing these aspects.
The system 100 may further include a web server 106 holding in a memory coupled thereto a web application 120, or several such applications, for guest pass operation and control. The web server 106 may be of any suitable form or architecture for hosting web pages, for example, a standalone server, a server farm, a cloud server, or a peer-to-peer server. The web application may be coded in any suitable server-side application, for example, PHP, Python, Ruby, C#, or NodeJS (JavaScript). In an alternative, or in addition, one or more functions of the application 120 may be coded in a client side code language. In either case, the application 120 is an instance of non-transitory code that when executed by one or more processors of the server 106, a participating one of the clients 102, 104, the keypad controller 108, and/or the hub 116, causes the system 100 and/or one or more programmable apparatus therein (e.g., the server 106) to perform operations of methods as described herein.
In an aspect, a user having administrative authority for the physical facility 130 and electro-mechanical locks 114, 118 may connect to the server 106 via a first client 102 and WAN 120, for example, using a web page to log into a website hosted by the server and accessing the application 120 by selecting one or more pages or other objects included in the website. Although the first client 102 is pictured as a laptop computer, it may be in any useful form, for example, a personal computer, notepad computer, smart phone, or virtual reality gear. The user configures a guest pass for a guest using a second client 104, for example a smartphone or other suitable client device. Using parameters specified by the authorized user, the server 106 provisions the application 120 in a network-accessible memory and sends a link 122 to one or more client devices 104 specified by the authorized user, for example by including the link in an SMS message sent to a designated phone number.
The guest may receive such link 122 using the client device 104 and save the link in a memory thereof. When located at the gate of the facility 130 the user activates the link 122, which opens the guest pass application 120 on the server 106. The application authenticates the client device 104 by its mobile subscription identification number (MSIN) or other unique identifier. In some embodiments, the application 120 may use additional or alternative authentication techniques, such as, for example, biometric identity data, passwords, or a second communication channel. If the device and user are authenticated for the guest pass and the current time is within the active period for the pass, the server 106 may send a data signal via the WAN 120 and cellular network 140 to the hub 116 and/or keypad controller 108. The data signal may include a command to open the lock 118, 114.
To prevent inadvertent opening of the lock 118, 114 when the client device is far away, the server 106 may verify that the client device is located near the electro-mechanical lock 118 (or lock 114, as the case may be) using a triangulation protocol (e.g., GPS) or other locating method, before sending the open command to the hub 116 or keypad controller 108. In an alternative, or in addition, the hub 116 or keypad controller 108 may sense proximity of the client device. In the case of the keypad controller 108, the server 106 may transmit a temporary passcode to the client device or to the display 110 of the controller 108 for the guest to manually enter using the keypad 112 or other suitable user interface. The hub 116, however, has no user interface for the guest, so proximity detection may be performed using an automatic locating method or proximity sensing as known in the art. Thus, a user 102 of the first client device 102 may provision a guest pass for the guest having the second client 104 without needing to supply an access token or key to the guest. Further, the hub 116 or keypad controller 108 may report access events to confirm successful use of the guest pass, if desired.
If configured as a server or as the hub 116, the user interface 206 and display 210 may be omitted from the apparatus 200 and provided instead by a connected client device. If configured as a keypad controller 108 or client device 102, 104, the display 210 and user interface 206 (e.g., keypad, touchscreen, or microphone) may be built into the apparatus 200.
Referring to
Next, the at least one processor may execute a 2nd-factor authentication process as known in the art, which may include sending a verification code to the client device via an independent channel (e.g. an SMS text message) and then providing an authentication screen 1006 including a data entry object 1008 for confirming receipt of the verification code via the session between the client device and server.
Following authentication, the server may provide a site selection screen 1010 from which the authenticated user can pick a physical facility (e.g., “Laguna Woods”) protected by one or more electro-mechanical locks under control of the server. The screen 1010 may include at least three options: a first option 1012 for adding a “gate” (e.g., electro-mechanical lock), a second option 1014 for watching an instructional video associated with the facility, or a third option 1016 for setting up a profile of the authenticated user. If the user selects the first option 1012, the server may provide a gate parameter screen 1020 to the client device, including several data input objects that enable user specification of gate parameters, for example an address and/or identifier (IME #) for a controller that controls the electro-mechanical lock, facility name and geographic address, a controller keypad and call button message, and a name and phone number of the administrative user who controls access to the facility. If the user selects the second option 1022, the server may provide a playlist screen 1022 from which the user may view one or more videos associated with the facility. This video or these videos can be visible to guests to assist with understanding how to use the guest pass and access system. If the user selects the third option 1024, the server may provide a profile screen 1024 including one or more data input objects enabling the administrative user to set or amend their profile data, for example, smart phone number.
From the facility selection screen 1010, once the user selects a facility, the server may provide a gate control screen 1018, which may be the same or similar to the screen 300 described in connection with
Referring to
The control screen 1018 may include another option 1109 for diagnostics, which if selected by the user, causes the server to provide a diagnostics screen 1110 with several data fields showing a current state of the electro-mechanical lock and controller's operating parameters for the selected facility. The state data may be obtained by the server via a hub or keypad controller coupled to an internal data port of the lock controller.
If the controller is jammed with unexecuted actions, the user may select a reset object 1111 causing the server to send a reset command to the controller and send a reset confirmation message 1112 to the user's client device.
The diagnostic screen 1110 may include an option 1113 for requesting an event log from the controller, which if selected by the user, causes the server to send a request to the lock controller or auxiliary data source for the event log, retrieve the event log, generate an event log page 1114 and send the event log page 1114 to the client device for display to the user. For further example, the diagnostic screen 1110 may include an option 1115 for requesting an error log from the controller, which if selected by the user, causes the server to send a request to the lock controller or auxiliary data source for the error log, retrieve the error log, generate an error log page 1115 and send the error log page 1114 to the client device for display to the user. The error log screen 1116 may include a request object 1117 for uploading a copy of the error, which if selected by the user causes the server to upload the error logs and provide a confirmation message 1118.
Referring again to the user management screen 1206, selecting the “add a user” option causes the server to provide a new user setup screen 1208 for inputting and confirming the user information as previously described. Picking the “add a guest” option brings up a guest pass configuration page 1210 (see also screen 500,
Referring to
The transceiver hub 1500 as shown in
Instead of or in addition to the transceiver hub 1500, a system may use a keypad controller 1600 to facilitate remote access to the lock controller 1410 by a remote server and/or manual local access via a keypad 1630, as shown in
In an aspect, the keypad 1630 may include a call button 1640 configured for a controller 1600 that lacks a telephone connection. Instead of dialing a number directly, when the call button is selected, the keypad controller displays the message set by the administrative user, for example using a “call button message” data entry field as shown in
In accordance with the foregoing, and by way of additional example,
Referring to
The address may be, for example, a phone number for a smart phone used by the guest, who can receive the link as an SMS text or similar message. The link is operative to access the online executable code via a web browser operating on a smartphone or the like. When at the facility gate, the guest requests access to the gate via the link, which connects to executable code hosted by a computer on the Internet or equivalent computer network. The executable code authenticates the guest identity and permitted times of access. If the request meets all access criteria, the online executable code causes an access command (e.g., command to unlock and/or open) to be sent to the electromechanical lock via a network interface. The network interface, also called a “hub” herein, may be a modular electronic unit that can be connected to any electromechanical lock having a serial port, or equivalent input/output port.
The method 1700 may include any one or more additional operations as described above and below herein, for example, one or more of the additional operations 1800, 1900, or 2000. Each of these additional operations is not necessarily performed in every embodiment of the method, and the presence of any one of the operations does not necessarily require that any other of these additional operations also be performed.
For example, optionally, method 1700 may further include at 1810 receiving, from a requesting device via the unique link, a request for access to the physical facility, and comparing a client identifier originating from the requesting device to the at least one authorized client identifier. The method 1700 may further include, at 1820, transmitting a command to a control circuit that actuates an unlocking mechanism of the electro-mechanical lock only if the request meets a predetermined condition. The predetermined condition may include any suitable identity or time constraints. For example, as shown at block 1830, the predetermined condition may require one or more of the client identifier originating from the requesting device matching the at least one authorized client identifier, or a time at which the apparatus receives the request for access is within the time period for which access is granted.
In some embodiments, as shown at block 1840, the at least one authorized client identifier may be, or may include, an electronic address for an authorized client device, for example, a unique telephone number or Internet address. In addition, or in an alternative, as shown at block 1850 the at least one authorized client identifier may be, or may include, a password or electronic identity token, with or without an account identifier.
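The provisioning and access-decision flow described above (guest pass parameters, unique link, identifier and time-period checks before any unlock command), sketched as an added example that is not code from the application. All class, function and field names, the `UNLOCK` command string, the sample controller identifier and phone numbers are hypothetical; the example requires both the identifier match and the time-period check, and stores only a hash of the link token, which are choices made here rather than requirements stated in the text.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class GuestPass:
    lock_controller_id: str           # which lock controller the pass opens
    not_before: datetime              # start of the granted time period
    not_after: datetime               # end of the granted time period
    authorized_client_ids: frozenset  # e.g. guest phone numbers
    revoked: bool = False


class GuestPassService:
    """In-memory model of the server-side guest pass logic (hypothetical names)."""

    def __init__(self, base_url="https://passes.example.invalid/g/"):
        self.base_url = base_url
        self.passes = {}         # sha256(link token) -> GuestPass
        self.sent_commands = []  # stand-in for the transport to the hub
        self.audit_log = []      # every decision, granted or denied

    @staticmethod
    def key_for(link):
        # Only a hash of the token is stored, so a leaked pass table
        # does not reveal usable links.
        token = link.rsplit("/", 1)[-1]
        return hashlib.sha256(token.encode()).hexdigest()

    def provision(self, lock_controller_id, not_before, not_after, client_ids):
        if not_before.tzinfo is None or not_after.tzinfo is None:
            raise ValueError("time period must be timezone-aware")
        if not_after <= not_before:
            raise ValueError("time period is empty")
        if not client_ids:
            raise ValueError("at least one authorized client identifier required")
        token = secrets.token_urlsafe(32)  # 256 random bits: link is unguessable
        link = self.base_url + token
        self.passes[self.key_for(link)] = GuestPass(
            lock_controller_id, not_before, not_after, frozenset(client_ids))
        return link

    def update(self, link, *, not_after=None, client_ids=None, revoked=None):
        # Lets the issuing user amend or cancel a pass after the link is sent.
        gp = self.passes[self.key_for(link)]
        if not_after is not None:
            gp.not_after = not_after
        if client_ids is not None:
            gp.authorized_client_ids = frozenset(client_ids)
        if revoked is not None:
            gp.revoked = revoked

    def request_access(self, link, client_id, now):
        gp = self.passes.get(self.key_for(link))
        if gp is None:
            reason = "unknown_link"
        elif gp.revoked:
            reason = "revoked"
        elif not any(hmac.compare_digest(client_id.encode(), a.encode())
                     for a in gp.authorized_client_ids):
            reason = "client_not_authorized"
        elif not (gp.not_before <= now <= gp.not_after):
            reason = "outside_time_period"
        else:
            reason = "unlock_sent"
            # The command is emitted only on this branch (fail closed).
            self.sent_commands.append((gp.lock_controller_id, "UNLOCK"))
        granted = reason == "unlock_sent"
        self.audit_log.append((now.isoformat(), client_id, granted, reason))
        return granted, reason


def demo():
    # Constructed sample data: controller id, phone numbers and times.
    svc = GuestPassService()
    start = datetime(2024, 1, 5, 9, 0, tzinfo=timezone.utc)
    guest = "+15555550100"
    link = svc.provision("CTRL-0001", start, start + timedelta(hours=8), {guest})
    noon = start + timedelta(hours=3)
    results = [
        svc.request_access(link, guest, noon),                        # valid
        svc.request_access(link, "+15555550199", noon),               # other device
        svc.request_access(link, guest, start + timedelta(hours=9)),  # too late
        svc.request_access(link + "x", guest, noon),                  # altered link
    ]
    svc.update(link, revoked=True)
    results.append(svc.request_access(link, guest, noon))             # cancelled
    return results, svc.sent_commands


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```
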
In another aspect referring to
In another aspect referring to
As illustrated in
The apparatus or system 2100 may further comprise an electrical component 2104 for providing an online executable code for managing temporary access to the physical facility, based on the instructions, in a network-accessible memory location. The component 2104 may be, or may include, a means for said providing. Said means may include the processor 2110 coupled to the memory 2116, and to the network interface 2114, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, provisioning a memory location with parameters for a guest pass as described, and setting up executable code configured for initiating a guest interaction routine based on the parameters at a memory location with a network address.
The apparatus or system 2100 may further comprise an electrical component 2106 for providing a unique link to the online executable code to an electronic address specified by the user. The component 2106 may be, or may include, a means for said providing. Said means may include the processor 2110 coupled to the memory 2116, and to the network interface 2114, the processor executing an algorithm based on program instructions stored in the memory. Such algorithm may include a sequence of more detailed operations, for example, placing the network address in a message, and sending the message to the client device in use by the administrative user.
The apparatus 2100 may optionally include a processor module 2110 having at least one processor, in the case of the apparatus 2100 configured as a data processor. The processor 2110, in such case, may be in operative communication with the modules 2102-2106 via a bus 2112 or other communication coupling, for example, a network. The processor 2110 may effect initiation and scheduling of the processes or functions performed by electrical components 2102-2106.
In related aspects, the apparatus 2100 may include a network interface module 2114 operable for communicating with a storage device over a computer network. In further related aspects, the apparatus 2100 may optionally include a module for storing information, such as, for example, a memory device/module 2116. The computer readable medium or the memory module 2116 may be operatively coupled to the other components of the apparatus 2100 via the bus 2112 or the like. The memory module 2116 may be adapted to store computer readable instructions and data for effecting the processes and behavior of the modules 2102-2106, and subcomponents thereof, or the processor 2110, or the method 1700 and one or more of the additional operations 1800, 1900, or 2000 described in connection with the method 1700. The memory module 2116 may retain instructions for executing functions associated with the modules 2102-2106. While shown as being external to the memory 2116, it is to be understood that the modules 2102-2106 can exist within the memory 2116.
The various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the aspects disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
As used in this application, the terms “component”, “module”, “system”, and the like are intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer or system of cooperating computers. By way of illustration, both an application running on a server and the server can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers.
Program instructions may be written in any suitable high-level language, for example, C, C++, C#, JavaScript, or Java™, and compiled to produce machine-language code for execution by the processor. Program instructions may be grouped into functional modules, to facilitate coding efficiency and comprehensibility. It should be appreciated that such modules, even if discernable as divisions or grouping in source code, are not necessarily distinguishable as separate code blocks in machine-level coding. Code bundles directed toward a specific function may be considered to comprise a module, regardless of whether machine code on the bundle can be executed independently of other machine code. In other words, the modules may be high-level modules only.
Various aspects will be presented in terms of systems that may include several components, modules, and the like. It is to be understood and appreciated that the various systems may include additional components, modules, etc. and/or may not include all the components, modules, etc. discussed in connection with the figures. A combination of these approaches may also be used. The various aspects disclosed herein can be performed on electrical devices including devices that utilize touch screen display technologies and/or mouse-and-keyboard type interfaces. Examples of such devices include computers (desktop and mobile), smart phones, personal digital assistants (PDAs), and other electronic devices both wired and wireless.
In addition, the various illustrative logical blocks, modules, and circuits described in connection with the aspects disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. As used herein, a “processor” encompasses any one or functional combination of the foregoing examples.
Operational aspects disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
Furthermore, the one or more versions may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof to control a computer to implement the disclosed aspects. Non-transitory computer readable media can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips . . . ), optical disks (e.g., compact disk (CD), digital versatile disk (DVD), BluRay™) smart cards, solid-state devices (SSDs), and flash memory devices (e.g., card, stick). Of course, those skilled in the art will recognize many modifications may be made to this configuration without departing from the scope of the disclosed aspects.
In view of the exemplary systems described supra, methodologies that may be implemented in accordance with the disclosed subject matter have been described with reference to several flow diagrams. While for purposes of simplicity of explanation, the methodologies are shown and described as a series of blocks, it is to be understood and appreciated that the claimed subject matter is not limited by the order of the blocks, as some blocks may occur in different orders and/or concurrently with other blocks from what is depicted and described herein. Moreover, not all illustrated blocks may be required to implement the methodologies described herein. Additionally, it should be further appreciated that the methodologies disclosed herein are capable of being stored on an article of manufacture to facilitate transporting and transferring such methodologies to computers.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be clear to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
What is claimed is:
The present application claims benefit of U.S. Provisional Patent Application Ser. No. 63/111,520 filed Nov. 9, 2020.
Number | Date | Country
---|---|---
63111520 | Nov 2020 | US