Patent Application
20230409682
The present disclosure relates generally to security systems, and more particularly, to methods and systems for improving the operation of security systems.
Security systems often employ a number of different security system components that monitor occupant activity and/or control access to a secured area. Security system components can include, for example, door locks, card readers, motion sensors, video cameras and the like. In many cases, security system settings are initially configured during installation, and remain unchanged during subsequent operation. What would be desirable are systems and methods for making changes to security system settings based on identified changes in occupant behavior of a secure facility.
This disclosure relates to relates to security systems, and more particularly, to methods and systems for improving the operation of security systems. An example may be found in a method of improving operation of a security system for a facility, wherein the security system includes a plurality of security system components, where at least some of the plurality of security system components provide security data pertaining to the particular security system component. The illustrative method includes collecting over time the security data from each of the at least some of the plurality of security system components. A pattern is identified based at least in part on the collected security data, where the pattern identifies an expected behavior of one or more occupants of the facility. Live security data is received from at least some of the plurality of security system components, where the live security data represents a current behavior of one or more occupants of the facility. At least some of the live security data is compared with the identified pattern to identify when the current behavior of one or more occupants of the facility deviates from the expected behavior by more than a threshold. When the current behavior of one or more occupants of the facility deviates from the expected behavior by more than the threshold, one or more security system settings of the security system are changed. The security system is then operated, at least temporarily, using the one or more changed security system settings.
Another example is found in a method of changing a security level of a security system. The security system includes a plurality of security system components, where at least some of the plurality of security system components provide security data pertaining to the particular security system component. The illustrative method includes collecting over time historical security data from each of the at least some of the plurality of security system components. Artificial intelligence is used to learn historical patterns within the historical security data, where the historical patterns defining expected values for the security data. Live security data is received from at least some of the plurality of security system components and is compared with the learned historical patterns to detect situations in which the live security data differ from the expected values learned from the historical security data by more than a threshold. When the live security data differ from the expected values learned from the historical security data by more than a threshold, the security level of the security system is changed and the security system is operated at the changed security level.
Another example is found in a security system. The illustrative security system includes a plurality of security system components, where at least some of the plurality of security system components provide security data pertaining to the particular security system component. A controller is operatively coupled to the plurality of security system components. The controller is configured to receive at least some of the security data. One or more violations of one or more security requirements are identified based at least in part on the received security data, wherein each of the one or more security requirements is defined at least part by one or more static configuration settings of the security system. A change to one or more of the static configuration settings of the security system is determined based at least in part on the identified one or more violations. The determined change is made to one or more of the static configuration settings, and the security system is operated using the changed one or more of the static configuration settings.
The preceding summary is provided to facilitate an understanding of some of the features of the present disclosure and is not intended to be a full description. A full appreciation of the disclosure can be gained by taking the entire specification, claims, drawings, and abstract as a whole.
The disclosure may be more completely understood in consideration of the following description of various illustrative embodiments of the disclosure in connection with the accompanying drawings, in which:
While the disclosure is amenable to various modifications and alternative forms, specifics thereof have been shown by way of example in the drawings and will be described in detail. It should be understood, however, that the intention is not to limit aspects of the disclosure to the particular illustrative embodiments described. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the disclosure.
The following description should be read with reference to the drawings wherein like reference numerals indicate like elements. The drawings, which are not necessarily to scale, are not intended to limit the scope of the disclosure. In some of the figures, elements not believed necessary to an understanding of relationships among illustrated components may have been omitted for clarity.
All numbers are herein assumed to be modified by the term “about”, unless the content clearly dictates otherwise. The recitation of numerical ranges by endpoints includes all numbers subsumed within that range (e.g., 1 to 5 includes 1, 1.5, 2, 2.75, 3, 3.80, 4, and 5).
As used in this specification and the appended claims, the singular forms “a”, “an”, and “the” include the plural referents unless the content clearly dictates otherwise. As used in this specification and the appended claims, the term “or” is generally employed in its sense including “and/or” unless the content clearly dictates otherwise.
It is noted that references in the specification to “an embodiment”, “some embodiments”, “other embodiments”, etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is contemplated that the feature, structure, or characteristic may be applied to other embodiments whether or not explicitly described unless clearly stated to the contrary.
A controller 16 is operably coupled to the plurality of security system components 14 via a network 18. The network 18 may be a wired network or a wireless network, for example. In some cases, the network 18 may be part of a building management system (BMS) network. In some cases, the network 18 may be a standalone network dedicated to the security system 10, while in other cases, the network 18 may be an IT network or a combination IT network and BMS network. In the example shown, the controller 16 is configured to receive at least some of the security data that is provided by at least some of the security system components 14.
In some cases, the controller 16 is configured to identify one or more violations of one or more security requirements based at least in part on the received security data, wherein each of the one or more security requirements is defined at least part by one or more static configuration settings of the security system 10, and to determine a change to one or more of the static configuration settings of the security system 10 based at least in part on the identified one or more violations. Static configuration settings include settings that remain static during normal operation of the security system, such as a door close time, a door unlock duration, a card swipe delay between card swipes, an exit delay time after arming, an enter delay time before disarming, etc. The controller 16 is configured to make the determined change to one or more of the static configuration settings, and to operate the security system 10 using the changed one or more of the static configuration settings. In some cases, the determined change is automatically made, while in other cases a recommendation is presented to an operator of the security system to approve the change.
The changed one or more of the static configuration settings may include one or more of a transient duration for making a card reader swipe, a door lock duration, a door held open warning time, a door held open active time, a door open state time, and a door latch output delay, an exit delay time after arming, an enter delay time before disarming, and/or any other suitable static configuration setting. In some cases, the controller 16 may be configured to identify one or more events associated with one or more security requirements based at least in part on the received security data, and to determine a change to one or more of the static configuration settings of the security system based at least in part on the identified one or more events. For example, the controller 16 may identify a number of alarm events that result from a user not exiting the facility after arming the security system within an exit delay time after arming setting. The controller may determine to increase the exit delay time after arming settings. In some cases, the exit delay time after arming settings may be increased by an amount that will reduce the number of alarm events that result from a user not exiting the facility after arming the security system within an exit delay time after arming setting.
In another example, the controller 16 may identify a number of alarm events that result from users swiping their access card and then not getting through and closing a corresponding access door within a door open state time. The controller 16 may determine to increase the door open state time setting. In some cases, the door open state time setting may be increased by an amount that will reduce the number of alarm events that result from a user swiping their access card and not getting through and closing the corresponding access door within a door open state time. In some cases, the static configuration setting may be user specific. For example, the controller 16 may increase the door open state time setting for a particular user (e.g. user in a wheel chair), while not changing the door open state time setting for other users. These are just examples.
In some cases, the controller 16 can change one or more settings (static or dynamic) of the security system depending on identified changes in occupant behavior. For example, a particular user may typically enter a facility between 7:30 AM and 8:30 AM each weekday morning, as tracked by card swipes at the entrance to the facility. If the controller 16 detects the user is attempting to access the facility at 3:00 AM on Sunday, the controller 16 may automatically require multi-factor authentication for that 3:00 AM entry, which may require not only a card swipe but also entry of a PIN code. Also, recording of the video from security cameras at the entrance of the facility may be automatically started to record the entry. These are just some examples.
Live security data is received from at least some of the plurality of security system components, where the live security data represents a current behavior of one or more occupants of the facility, as indicated at block 26. In some instances, the live security data represents a length of time that one or more occupants took to carry out a predefined security system-related task, and the identified pattern identifies an expected length of time to carry out the predefined security system-related task. The predefined security system-related task may include one or more of opening a door after unlocking the door, closing a door after entry, arming the security system, and disarming the security system. These are just example. In some cases, the live security data includes a time stamp for a detected event, and the pattern yields an expected time of day for the detected event. For example, the detected event may include accessing an area of the facility. At least some of the live security data is compared with the identified pattern to identify when the current behavior of one or more occupants of the facility deviates from the expected behavior by more than a threshold, as indicated at block 28.
When the current behavior of one or more occupants of the facility deviates from the expected behavior by more than the threshold, one or more security system settings of the security system are changed, as indicated at block 30. In some cases, changing one or more security system settings includes automatically changing the one or more changed security system settings. Changing one or more security system settings may include receiving operator input authorizing the change of the one or more changed security system settings in response to an automatically generated recommendation. Changing the one or more changed security system settings may include changing a static configuration setting of the security system, for example. Changing the one or more security system settings may include changing a security setting that increases a security level of at least part of the facility. Changing the one or more security system settings may include changing a first security setting that increases a security level of a first part of a facility and changing a second security setting that decreases a security level of a second part of the facility. The security system is then operated using the one or more changed security system settings, as indicated at block 32.
The security system 10 may monitor a variety of different parameter values. Examples include but are not limited to the time taken to close the door after entry (access), the time taken to arm/disarm the system (intrusion), the number of people detected (access and video based) and time of the day when action takes place (in access based solution on swipe in/out, in video system based on facial recognition).
The security system 10 may take a variety of different actions, with respect to security level. Examples include but are not limited to enabling multi-factor authentication for a user when the access code was wrongly entered twice, increasing the timeouts when the system arm/disarm becomes close to exit delay/entry delay, setting multi-factor authentication when the door lock engage back after unlock is more than usual, triggering video recording and video analytics when there are more than a usual number of people present, enabling multi-factor authentication and start video recording at all doors when there are multiple doors not shut after access, changing entire site behavior to increase security level when there are more than one door force opened status, changing access level or requiring multi-function authentication when people are accessing the site at unusual time, enabling multi-factor authentication when access data and video data show different occupancy, which can be a result of tailgating at access doors, raising security in restricted zones and reducing security in low security zones as a result of detecting more people than usual, and raising a critical/emergency alarm to a site administrator when there is an unusual number of alarms at a site.
When the live security data differ from the expected values learned from the historical security data by more than a threshold, the security level of the security system is changed, as indicated at block 44. The security system is then operated at the changed security level, as indicated at block 46. In some cases, the security level of the security system may include two or more distinct security levels, and changing the security level of the security system may include moving between two of the distinct security levels.
In some cases, the security system may be configured to implement any of a plurality of security requirements, and each of the two or more distinct security levels implement a different combination of the plurality of security requirements. The plurality of security requirements may include one or more of presenting a security card for access, providing a pin number for access, and requiring multi factor authorization for access. Changing the security level of the security system may include one of decreasing the security level in order to process people through a secured zone of the facility faster, or increasing the security level in response to a perceived threat. These are just examples.
In some cases, one or more different methods or algorithms may be executed in order to determine when a change in security level is appropriate. In some cases, one or more different methods or algorithms may be downloaded and executed as appropriate.
The rejected card swipes are checked, as indicated at block 60, and corresponding event insights are provided to an event analyzer, as indicated at block 62. The event analyzer 62 also has access to the logged failure events block 58. In this example, the event analyzer 62 uses the insights and/or the logged failure events to determine recommendations for making changes to security system settings, such as changes to the transient duration, as indicated at block 66. In some cases, the event analyzer 62 uses Machine Learning and/or Artificial Intelligence to determine recommendations for making changes to security system settings. Recommendations are provided to the recommendation system, as indicated at block 64, which in this example, provides a new recommended transient value. At decision block 68, a determination is made as to whether the newly recommended transient value is within an allowed range. If not, the newly recommended transient value is discarded, as indicated at block 70. If the newly recommended transient value is within the allowed range, control passes to block 72, where a site operator or owner is asked to accepts the newly recommended transient value. Once accepted, the newly recommended transient value becomes the configured transient duration, as indicated at block 56, which is passed for use by decision block 52.
The actual door unlock durations (i.e. actual times between unlock and re-lock events for the door) over time are checked, as indicated at block 84, and corresponding event insights are provided to an event analyzer, as indicated at block 86. The event analyzer 86 also has access to the logged failure events block 82. The event analyzer 86 uses the insights and/or the logged failure events to determine recommendations for making changes to static configuration settings, such as the door unlock duration, as indicated at block 88. In some cases, the event analyzer 86 uses Machine Learning and/or Artificial Intelligence to determine recommendations for making changes to security system settings. The recommendations are provided to the recommendation system, as indicated at block 90. A new door unlock duration is recommended. At decision block 92, a determination is made as to whether the newly recommended door unlock duration is within an allowed range. If not, the newly recommended door unlock duration is discarded, as indicated at block 94. If the newly recommended door unlock duration is within the allowed range, control passes to block 96, where the site operator or owner accepts is asked to accept the newly recommended door unlock duration. The newly recommended door unlock duration then becomes the configured door unlock duration, as indicated at block 97, which is passed for use by the decision block 78.
A check is made as to whether the timer for the particular user expired before the door was closed on a regular basis, as indicated at block 178, and corresponding event insights are provided to an event analyzer, as indicated at block 180. The event analyzer also has access to the logged informational events at block 176. The event analyzer uses the insights and/or the logged information events to determine recommendations for making changes to static configuration settings, such as the user-specific door held open timer, as indicated at block 182. The recommendations are provided to the recommendation system, as indicated at block 184. A new door held open duration for a particular user is recommended. At decision block 186, a determination is made as to whether the newly recommended door held open duration is within an allowed range. If not, the newly recommended door held open duration is discarded, as indicated at block 188. If the newly recommended door held open duration is within the allowed range, control passes to block 190, where the site operator or owner is asked to accept the newly recommended user-specific door held open duration. The newly recommended user-specific door held open duration then becomes the configured user-specific door held open duration, as indicated at block 192, which is passed for use by the decision block 174.
Those skilled in the art will recognize that the present disclosure may be manifested in a variety of forms other than the specific embodiments described and contemplated herein. Accordingly, departure in form and detail may be made without departing from the scope and spirit of the present disclosure as described in the appended claims.
