US20200394856A1 - Access control system using mobile device - Google Patents
Access control system using mobile deviceDownload PDFInfo
- Publication number
- US20200394856A1 US20200394856A1US16/439,024US201916439024AUS2020394856A1US 20200394856 A1US20200394856 A1US 20200394856A1US 201916439024 AUS201916439024 AUS 201916439024AUS 2020394856 A1US2020394856 A1US 2020394856A1
- Authority
- US
- United States
- Prior art keywords
- user
- access
- mobile device
- door
- policy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
- G07C9/00111—
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/28—Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00896—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
- G07C9/00904—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses for hotels, motels, office buildings or the like
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00507—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks keyless data carrier having more than one function
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00785—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by light
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00793—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00571—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
Definitions
- the present disclosurepertains generally to methods of gaining access to a controlled space and more particularly to methods of using mobile devices in gaining access to a controlled space.
- a number of buildingsinclude rooms, areas or spaces to which there is a desire to limit access.
- Traditional access systemsrequire a user to provide some form of identification to an access system, and the access system then determines whether the user is authorized to access a particular room, area or space.
- a traditional access systemmay, for example, include an electronic lock that can be selectively locked or unlocked in order to prevent or provide access through a door into a space.
- the traditional access systemmay include a card reader or other device for identifying a user, and may include a card reader or other device on each side of the door.
- the card reader(s) and electronic lock(s) of a buildingare typically wired to a central access controller, wherein the central access controller stores access control policies for each user and each door. Access control decisions are typically made by the central access controller and/or card reader(s) in real or near real-time. A need remains for a simplified access system.
- the disclosurerelates generally to methods and systems for controlling access to a controlled space using a user's mobile device to make at least part of a decision as to whether a particular user is authorized to gain access to a particular space in a building at a particular time.
- An example of the disclosureincludes a method for controlling access through a door having a door lock that can be electrically locked and unlocked.
- the door lockis operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server.
- the example methodfurther includes storing a user's digital identity and a user's access policy in a memory of the user's mobile device and the user's mobile device using the stored user's digital identity and the stored user's access policy to determine whether or not the user is authorized for access through the door and to make an access decision of YES or NO.
- the access decisionmay be communicated to the reader along with the user's digital identity and the reader may store the communicated access decision and user's digital identity for subsequent communication to the remote server.
- the access decisionis YES
- the door lockis unlocked so that the user is free to pass through the door and when the access decision is NO, the door lock is not unlocked.
- the example mobile devicemay include a memory that is configured to store a user's digital identity as well as a user's access policies.
- a controllermay be operably coupled to the memory and may be configured to access the user's digital identity and the user's access policies from the memory and to use the user's digital identity and the user's access policies to determine whether the user is authorized to access the space to which the door restricts access.
- An outputmay be operably coupled to the controller and may be configured to communicate with a reader that is associated with the door in order to unlock a lock apparatus of the door when the controller determines that the user is authorized to access the space to which the door restricts access.
- the mobile devicemay store a user's digital identity and a user's access policy and to identify an identity of a locked door that the user wants to enter. The mobile device may then uses the user's digital identity, the user's access policy and the identity of the locked door to determine, via a controller of the mobile device, whether the user is authorized to access the locked door. When the determination is made by the controller of the mobile device that the user is authorized to access the locked door, the mobile device may be instructed to transmit instructions to unlock the locked door.
- FIG. 1is a schematic block diagram of an illustrative access control system
- FIG. 2is a schematic diagram of an illustrative access control system
- FIG. 3is a schematic block diagram of an illustrative mobile device usable with the access control systems of FIGS. 1 and 2 ;
- FIG. 4is a schematic diagram of an illustrative policy execution flow that may be carried out by the access control systems of FIGS. 1 and 2 ;
- FIG. 5is a flow diagram showing an illustrative method of controlling access through a door
- FIG. 6is a flow diagram showing an illustrative method of controlling access through a door
- FIG. 7is a flow diagram showing an illustrative method of controlling access through a door
- FIG. 8is a flow diagram showing an illustrative use of user context information
- FIG. 9is a flow diagram showing an illustrative method of controlling access through a door.
- FIG. 10is a flow diagram showing an illustrative method of controlling access through a door
- references in the specification to “an embodiment”, “some embodiments”, “other embodiments”, etc.,indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is contemplated that the feature, structure, or characteristic may be applied to other embodiments whether or not explicitly described unless clearly stated to the contrary.
- FIG. 1is a schematic block diagram of an illustrative access control system 10 .
- the access control system 10includes a door lock 12 that may be positioned to selectively lock and unlock a door (not illustrated).
- the door lock 12may be an electronically controlled lock such as a magnetic door lock, but other electronically controlled locks are contemplated.
- a reader 14may be configured to control operation of the door lock 12 .
- the reader 14may instruct the door lock 12 to change from a locked configuration to an unlocked configuration.
- the reader 14may instruct the door lock 12 to change from an unlocked configuration to a locked configuration.
- the reader 14may be communicatively coupled with a gateway 16 .
- the gateway 16may include a modem or router, for example, and may itself be configured to communicate with a remote server 18 . Accordingly, the reader 14 may communicate with the remote server 18 via the gateway 16 . This communication may be two-way communication, meaning that not only can the reader 14 receive information from the remote server 18 , but that the reader 14 can also transmit information to the remote server 18 .
- the remote server 18may in some cases be a cloud server, but this is not required in all cases.
- the remote server 18may include information related to which doors a particular user has access to, and which doors a particular user is not authorized to pass through.
- This informationwhich may include a user's access policy, may be communicated to the particular user's mobile device 20 .
- the user's access policymay additionally be transmitted to the reader 14 via the gateway 16 so that the reader 14 may provide an updated user's access policy to the mobile device 20 , for example.
- the user's access policymay include detailed information as to which spaces the particular user is authorized to access, the conditions under which the user is authorized to access the space, time and date periods during which the user is authorized to access the space, and so on.
- a lower level employeemay have access to their workspace and the lunchroom, but not have access to various labs and other spaces.
- the lower level employeemay be limited to accessing their authorized spaces during certain time periods, such as Monday through Friday, 8 AM to 6 PM, and thus would not be permitted to pass at 7 AM on a Monday, or anytime on a Saturday or Sunday.
- An intermediate level employeemay have access to the same spaces, but may be authorized to access these spaces seven days a week, 24 hours a day.
- a higher level employeemay have access to all spaces and at all times. These are just examples.
- This informationmay also include a facility policy that may be communicated from the remote server 18 to the reader 14 via the gateway 16 .
- a facility policymay not be limited to a particular individual, but instead may describe limitations that apply to many or even all employees. An example might be that a particular door is to remain unlocked every weekday Monday through Friday, from 7 AM to 7 PM. Another example might be that a particular door is to remain locked, with no access available, all day on Saturdays and Sundays, regardless of the employee. These are just examples.
- an exception policymay be communicated from the remote server 18 to the reader 14 via the gateway 16 .
- An exception policymay specify, for example, that a particular space will be closed for a period of time for cleaning, or remodeling.
- An exception policymay specify that a particular door or set of doors is to remain unlocked for a particular period of time corresponding to an event. For example, particular doors may remain unlocked during a scheduled open house.
- Another example of an exception policymay be that a particular user may not have an updated or current user access policy.
- the exception policymay be part of the facility policy, while in other cases, it may be separate.
- the access control system 10may be configured to permit periodic updates to the user access policies, the facility policy and the exception policies to be communicated from the remote server 18 to the reader 14 via the gateway 16 .
- Periodic updatesmay be scheduled, for example, or may occur when network connectivity permits communication between the reader 14 and the gateway 16 , and/or between the gateway 16 and the remote server 18 .
- a mobile device 20may be configured to communicate with the reader 14 .
- the mobile device 20may be a smartphone, for example, but may be any other suitable mobile device that can be carried by the user.
- the mobile device 20may communicate with the reader 14 via WiFi, BluetoothTM, infrared (e.g. IrDA), or any other suitable wireless or wired communication path.
- any policy updates stored in the reader 14previously received from the remote server 18 via the gateway 16 ) may be communicated to the mobile device 20 .
- the policy updatese.g. user's access policy updates
- Policy updatesneed not be communicated to the mobile device 20 for the user to gain access through a door. Instead, policy updates may be obtained when the mobile device 20 has communication available with the reader 14 and/or remote server 18 .
- the reader 14may communicate a location to the mobile device 20 , such that the mobile device 20 knows which door that the mobile device 20 is proximate to.
- the mobile device 20may receive a signal from one or more wireless beacons in the building (not shown) that identifies a particular door.
- the user of the mobile device 20may use the mobile device 20 to take a picture or otherwise scan an image displayed proximate the door, which can be decoded to inform the mobile device 20 as to the location of a particular door.
- the imagemay be a barcode or a QR code, for example.
- the usermay select a particular door via a user interface of the mobile device. These are just examples.
- the mobile device 20may be configured to use information stored within the mobile device 20 to determine whether the user is authorized to gain access through that particular door at this particular point in time.
- the mobile device 20may rely upon the user's digital identity (stored within the mobile device 20 ) and the user's access control policy (also stored within the mobile device 20 ).
- the user's digital identitymay include information that identifies the user. This may include an ID number such as a company ID number, a driver's license number or a social security number, for example. In some cases, the user's digital identity may include biometric information of the user.
- the user's digital identitymay include a confirmation by the mobile device 20 of certain biometric information of the user, such a positive retinal or finger print scan.
- the positive retinal or finger print scanmay be used to unlock the mobile device by the user.
- the mobile device 20may also rely upon one or more of a facility policy, an exception policy and a user's context information. Examples of the user's context information may include a history of which doors the user has previously accessed, and when. Based on some or all of this information, the mobile device 20 may determine whether the user is authorized to gain access to the particular door, or not. The mobile device 20 may then transmit the decision, which may for example be a YES decision or a NO decision, to the reader 14 .
- the decisionwhich may for example be a YES decision or a NO decision
- the reader 14may directly communicate an instruction to the door lock 12 , such as instructions to lock or unlock the door lock 12 . If the access control decision communicated to the reader 14 is YES, for example, the reader 14 may instruct the door lock 12 to unlock temporarily. In some instances, particularly if the reader 14 has a policy such as a facility policy or an exception policy that is updated relative to the same policy stored in the mobile device 20 , the reader 14 may override the decision made by the mobile device 20 , regardless of whether the updated policy stored in the reader 14 disagrees with the policy currently stored in the mobile device 20 .
- a policysuch as a facility policy or an exception policy that is updated relative to the same policy stored in the mobile device 20
- the reader 14may use such an updated user access policy to override the decision made by the mobile device 20 only when the updated policy stored in the reader 14 disagrees with the policy currently stored in the mobile device 20 . In some cases, the reader 14 may immediately communicate any policy updates to the mobile device 20 to reduce or eliminate subsequent policy disagreements. Alternatively, the mobile device will need to connect to the remote server 18 and obtain the updates from the remote server 18 before access is granted. These are just examples.
- FIG. 1shows a single door lock 12 and a single reader 14
- a facilitywill typically have a number of door locks 12 and a corresponding number of readers 14 , with each door having a single door lock 12 and a single reader 14 .
- the reader 14may communicate wirelessly with the mobile device 20 , rather than through a line of sight form of communication, there is no need to have a separate reader 14 on each side of a particular door. Rather, a single reader 14 may be configured to receive an access decision from the mobile device 20 , regardless of whether the user wishes to pass through the door to enter the space, or whether the user wishes to pass through the door to exit the space.
- FIG. 2is a schematic diagram of an illustrative access control system, such as access control system 10 shown in FIG. 1 .
- the access control system 10may be seen as including a door 22 and a location identifier 24 that is positioned proximate the door 22 and that wirelessly provides the location of the door 22 to the mobile device 20 .
- the mobile device 20is able to use the user's digital identity and the user's access policy, optionally along with one or more of a facility policy, an exception policy and the user's context information, to determine whether the user is authorized to pass through the door 22 .
- the location identifier 24may be a wireless beacon that is configured to communicate with the mobile device 20 via WiFi or BluetoothTM, for example.
- the location identifier 24may be a scannable image that may be photographed or otherwise scanned by the mobile device 20 in order to inform the mobile device 20 of the location (and other identifying features) of the door 22 .
- there is a single location identifier 24such as for example a wireless beacon or a scannable image for both entry and egress through the door 22 .
- scanning the entry side QR codeinforms the mobile device 20 that the desired access is entry while scanning the exit side QR code informs the mobile device 20 that the desired access is exit.
- a remote data entry 26may be communicatively coupled with the remote server 18 .
- the remote data entry 26may represent a computer such as a laptop computer or a desktop computer.
- the remote data entry 26may represent a mobile device such as a smartphone or a tablet. It will be appreciated that the remote data entry 26 may be used for entering information pertaining to a user's access policy.
- the remote data entry 26may be used for entering information pertaining to a facility policy and/or an exception policy.
- the remote data entry 26may be used by security personnel in updating these policies. While described as being remote, it should be understood that this is relative to the location of the door 22 , as the remote data entry 26 may be located within the facility housing the door 22 . In some cases, the remote data entry 26 may be far away from the facility housing the door 22 .
- FIG. 3is a schematic block diagram of the mobile device 20 .
- the mobile devicemay be configured to selectively grant access to a space within a facility having a door such as the door 22 ( FIG. 2 ) that restricts access to the space within the facility.
- the mobile device 20may include a memory 30 that is configured to store a user's digital identity as well as storing the user's access policies.
- a controller 32is operably coupled to the memory 30 and is configured to access the user's digital identity and the user's access policy from the memory 30 .
- the controller 32may be configured to use the user's digital identity and the user's access policy to determine whether the user is authorized to access the space to which the door restricts access.
- An output 34is operably coupled to the controller 32 and is configured to communicate with a reader (such as the reader 14 ) that is associated with the door (such as the door 22 ) in order to unlock a lock apparatus of the door when the controller 32 determines that the user is authorized to access the space to which the door restricts access.
- a readersuch as the reader 14
- the doorsuch as the door 22
- the controller 32may be configured to periodically receive updates to the user's access policies from a remote server. For example, the controller 32 may periodically receive updates to the user's access policies from the remote server 18 ( FIG. 1 ) via the gateway 16 ( FIG. 1 ), cellular communication and/or any other suitable communication pathway. In some cases, the controller 32 may receive updates to the user's access policies from the remote server 18 ( FIG. 1 ) via the reader 14 . The controller 32 may be configured to periodically receive updates to a facility level policy and/or exception policies from a remote server.
- the controller 32may be configured to use the facility level policy and/or exception policies as well as the user's access policies and the user's digital identity in determining whether the user is authorized to access the space to which the door restricts access.
- the mobile device 20may be configured to establish wireless communications with the reader (such as the reader 14 ) that is associated with a door in order to receive information identifying the door, and in some cases, updated user's access policies, facility level policies, and/or exception policies.
- FIG. 4is a schematic diagram showing an illustrative policy execution flow. As illustrated, there is a policy execution engine 40 that is manifested within the mobile device 20 and a policy execution engine 42 that is manifested within the reader 14 . A number of data points may be used by the policy execution engine 40 , including but not limited to USER level policies 44 , FACILITY level policies 46 , USER CURRENT CONTEXT 48 and USER REQUESTED ACCESS 50 . Based on these inputs, the policy execution engine 40 outputs a mobile engine decision 52 as well as additional information 54 to the policy execution engine 42 within the reader 14 . Additional inputs to the policy execution engine 42 includes FACILITY/SYSTEM or USER EXCEPTION policies 56 . The policy execution engine 42 will output a final decision 58 . In some cases, the final decision 58 may match the mobile engine decision 52 . In some instances, the final decision 58 may contradict the mobile engine decision 52 .
- FIG. 5is a schematic diagram showing an illustrative use of user context information.
- a second dooris only allowed to open for a user when the user entered through a first door.
- a user 60approaches a door 62 with their mobile device 20 in hand.
- the mobile device 20communicates with a reader 64 and with a location identifier 66 .
- the mobile device 20decided that access was authorized, and that the reader 64 did not contradict this decision, and thus the door 62 is opened and the user 60 can pass through.
- the user's user context information stored in the mobile device 20is updated to reflect that the user accessed the door 62 at a certain time.
- the user 60next approaches the door 68 .
- the mobile device 20communicates with a reader 70 and with a location identifier 72 . Assuming that the user 60 is authorized to access the space beyond the door 68 (as decided by the mobile device 20 and confirmed by the reader 70 ), and the user's user context information correctly notes that the user passes through the door 62 , the reader 70 will instruct the door 68 to open. In this example, if the users had not already passed through door 62 (sometimes within a predetermined period of time), the user would be denied access through door 68 .
- FIG. 6is a flow diagram showing an illustrative method 80 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server.
- a user's digital identity and a user's access policymay be stored in memory of the user's mobile device.
- the user's mobile devicemay use the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated at block 84 .
- the access decisionmay be communicated to the reader along with the user's digital identity.
- the readerstores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated at block 88 .
- Thismay be referred to as an access log, for example.
- the access decisionis YES, as indicated at block 90
- the doormay be unlocked so that the user can pass through. In some cases, the door is unlocked so that the user is free to enter a space to which access is otherwise restricted by the door or so that the user is free to exit from a space to which egress is otherwise restricted by the door.
- the access decisionis NO, as indicated at block 92 , the door is not unlocked.
- the user's mobile deviceis configured to use the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO even when the user's mobile device is not connected to the remote server.
- FIG. 7is a flow diagram showing an illustrative method 100 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server.
- a user's digital identity and a user's access policymay be stored in memory of the user's mobile device.
- the memorymay also store a facility policy, as indicated at block 102 .
- the user's mobile devicemay use the stored facility policy as well as the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated at block 104 .
- the access decisionmay be communicated to the reader along with the user's digital identity.
- the readerstores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated at block 88 .
- the access decisionis YES, as indicated at block 90
- the doormay be unlocked so that the user can pass through.
- the access decisionis NO, as indicated at block 92 , the door is not unlocked.
- the readerwhen the facility policy stored in the memory of the user's mobile device does not match a facility policy stored in the reader, the reader may be configured to use the facility policy stored in the reader to override the access decision made by the user's mobile device when the facility policy stored in the reader disagrees with the access decision made by the user's mobile device.
- the readermay also store an exception policy. The reader may use the exception policy to override the access decision made by the user's mobile device when the exception policy disagrees with the access decision made by the user's mobile device.
- FIG. 8is a flow diagram showing an illustrative method 110 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server.
- a user's digital identity and a user's access policymay be stored in memory of the user's mobile device.
- the user's mobile devicemay store user context information as noted at block 112 .
- the user context informationmay include an access history of which of a plurality of doors of a facility the user has previously accessed, and sometimes other information such as a corresponding time stamp.
- obtaining an access decision of YES for a particular doorrequires that the user to have previously passed through a different one of the plurality of doors.
- the user's mobile devicemay use the stored user context information in combination with the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated at block 114 .
- the access decisionmay be communicated to the reader along with the user's digital identity.
- the readerstores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated at block 88 . This may be referred to as an access log, for example.
- the access decisionis YES, as indicated at block 90
- the doormay be unlocked so that the user can pass through.
- the access decisionis NO, as indicated at block 92 , the door is not unlocked.
- FIG. 9is a flow diagram showing an illustrative method 120 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server.
- a user's digital identity and a user's access policymay be stored in memory of the user's mobile device.
- a reader ID of the readermay be identified as indicated at block 122 . In some cases, the reader ID is read from the reader. In some instances, the reader ID is inferred from a location of the user's mobile device.
- the user's mobile devicemay use the stored user's digital identity, the stored user's access policy and the reader ID to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated at block 124 .
- the access decisionmay be communicated to the reader along with the user's digital identity.
- the readerstores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated at block 88 . This may be referred to as an access log, for example.
- the doormay be unlocked so that the user can pass through. In some cases, the door is unlocked so that the user is free to enter a space to which access is otherwise restricted by the door or so that the user is free to exit from a space to which egress is otherwise restricted by the door.
- FIG. 10is a flow diagram of an illustrative method 130 that may be carried out by a mobile device when executing executable instructions.
- the mobile devicemay be caused to store a user's digital identity and a user's access policy.
- the mobile devicemay be caused to identify an identity of a locked door that the user wants to enter. For example, the mobile device may be configured to identify the locked door by scanning an image disposed proximate the locked door or by wirelessly communicating with a beacon that is disposed proximate the locked door.
- the mobile devicemay be caused to use the user's digital identity, the user's access policy and the identity of the locked door to determine, via a controller of the mobile device, whether the user is authorized to access the locked door.
- the mobile deviceis caused to transmit instructions to unlock the locked door.
- the mobile devicemay be caused to periodically download updates to the user's access policy and/or a facility access policy.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Lock And Its Accessories (AREA)
Abstract
Description
- The present disclosure pertains generally to methods of gaining access to a controlled space and more particularly to methods of using mobile devices in gaining access to a controlled space.
- A number of buildings include rooms, areas or spaces to which there is a desire to limit access. Traditional access systems require a user to provide some form of identification to an access system, and the access system then determines whether the user is authorized to access a particular room, area or space. A traditional access system may, for example, include an electronic lock that can be selectively locked or unlocked in order to prevent or provide access through a door into a space. The traditional access system may include a card reader or other device for identifying a user, and may include a card reader or other device on each side of the door. The card reader(s) and electronic lock(s) of a building are typically wired to a central access controller, wherein the central access controller stores access control policies for each user and each door. Access control decisions are typically made by the central access controller and/or card reader(s) in real or near real-time. A need remains for a simplified access system.
- The disclosure relates generally to methods and systems for controlling access to a controlled space using a user's mobile device to make at least part of a decision as to whether a particular user is authorized to gain access to a particular space in a building at a particular time. An example of the disclosure includes a method for controlling access through a door having a door lock that can be electrically locked and unlocked. The door lock is operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server. The example method further includes storing a user's digital identity and a user's access policy in a memory of the user's mobile device and the user's mobile device using the stored user's digital identity and the stored user's access policy to determine whether or not the user is authorized for access through the door and to make an access decision of YES or NO. The access decision may be communicated to the reader along with the user's digital identity and the reader may store the communicated access decision and user's digital identity for subsequent communication to the remote server. When the access decision is YES, the door lock is unlocked so that the user is free to pass through the door and when the access decision is NO, the door lock is not unlocked.
- Another example of the disclosure may be found in a mobile device that is configured to selectively grant access to a space within a facility having a door restricting access to the space within the facility. The example mobile device may include a memory that is configured to store a user's digital identity as well as a user's access policies. A controller may be operably coupled to the memory and may be configured to access the user's digital identity and the user's access policies from the memory and to use the user's digital identity and the user's access policies to determine whether the user is authorized to access the space to which the door restricts access. An output may be operably coupled to the controller and may be configured to communicate with a reader that is associated with the door in order to unlock a lock apparatus of the door when the controller determines that the user is authorized to access the space to which the door restricts access.
- Another example of the disclosure can be found in a non-transient computer-readable medium having instructions stored thereon that are executable by a processor of a mobile device. When the instructions are executed, the mobile device may store a user's digital identity and a user's access policy and to identify an identity of a locked door that the user wants to enter. The mobile device may then uses the user's digital identity, the user's access policy and the identity of the locked door to determine, via a controller of the mobile device, whether the user is authorized to access the locked door. When the determination is made by the controller of the mobile device that the user is authorized to access the locked door, the mobile device may be instructed to transmit instructions to unlock the locked door.
- The preceding summary is provided to facilitate an understanding of some of the features of the present disclosure and is not intended to be a full description. A full appreciation of the disclosure can be gained by taking the entire specification, claims, drawings, and abstract as a whole.
- The disclosure may be more completely understood in consideration of the following description of various illustrative embodiments of the disclosure in connection with the accompanying drawings, in which:
FIG. 1 is a schematic block diagram of an illustrative access control system;FIG. 2 is a schematic diagram of an illustrative access control system;FIG. 3 is a schematic block diagram of an illustrative mobile device usable with the access control systems ofFIGS. 1 and 2 ;FIG. 4 is a schematic diagram of an illustrative policy execution flow that may be carried out by the access control systems ofFIGS. 1 and 2 ;FIG. 5 is a flow diagram showing an illustrative method of controlling access through a door;FIG. 6 is a flow diagram showing an illustrative method of controlling access through a door;FIG. 7 is a flow diagram showing an illustrative method of controlling access through a door;FIG. 8 is a flow diagram showing an illustrative use of user context information;FIG. 9 is a flow diagram showing an illustrative method of controlling access through a door; andFIG. 10 is a flow diagram showing an illustrative method of controlling access through a door;- While the disclosure is amenable to various modifications and alternative forms, specifics thereof have been shown by way of example in the drawings and will be described in detail. It should be understood, however, that the intention is not to limit aspects of the disclosure to the particular illustrative embodiments described. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the disclosure.
- The following description should be read with reference to the drawings wherein like reference numerals indicate like elements. The drawings, which are not necessarily to scale, are not intended to limit the scope of the disclosure. In some of the figures, elements not believed necessary to an understanding of relationships among illustrated components may have been omitted for clarity.
- All numbers are herein assumed to be modified by the term “about”, unless the content clearly dictates otherwise. The recitation of numerical ranges by endpoints includes all numbers subsumed within that range (e.g., 1 to 5 includes 1, 1.5, 2, 2.75, 3, 3.80, 4, and 5).
- As used in this specification and the appended claims, the singular forms “a”, “an”, and “the” include the plural referents unless the content clearly dictates otherwise. As used in this specification and the appended claims, the term “or” is generally employed in its sense including “and/or” unless the content clearly dictates otherwise.
- It is noted that references in the specification to “an embodiment”, “some embodiments”, “other embodiments”, etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is contemplated that the feature, structure, or characteristic may be applied to other embodiments whether or not explicitly described unless clearly stated to the contrary.
FIG. 1 is a schematic block diagram of an illustrativeaccess control system 10. Theaccess control system 10 includes adoor lock 12 that may be positioned to selectively lock and unlock a door (not illustrated). Thedoor lock 12 may be an electronically controlled lock such as a magnetic door lock, but other electronically controlled locks are contemplated. Areader 14 may be configured to control operation of thedoor lock 12. For example, thereader 14 may instruct thedoor lock 12 to change from a locked configuration to an unlocked configuration. Alternatively or additionally, thereader 14 may instruct thedoor lock 12 to change from an unlocked configuration to a locked configuration. In the example shown, thereader 14 may be communicatively coupled with agateway 16. Thegateway 16 may include a modem or router, for example, and may itself be configured to communicate with aremote server 18. Accordingly, thereader 14 may communicate with theremote server 18 via thegateway 16. This communication may be two-way communication, meaning that not only can thereader 14 receive information from theremote server 18, but that thereader 14 can also transmit information to theremote server 18. Theremote server 18 may in some cases be a cloud server, but this is not required in all cases.- As an example, the
remote server 18 may include information related to which doors a particular user has access to, and which doors a particular user is not authorized to pass through. This information, which may include a user's access policy, may be communicated to the particular user'smobile device 20. In some cases, the user's access policy may additionally be transmitted to thereader 14 via thegateway 16 so that thereader 14 may provide an updated user's access policy to themobile device 20, for example. The user's access policy may include detailed information as to which spaces the particular user is authorized to access, the conditions under which the user is authorized to access the space, time and date periods during which the user is authorized to access the space, and so on. A lower level employee may have access to their workspace and the lunchroom, but not have access to various labs and other spaces. The lower level employee may be limited to accessing their authorized spaces during certain time periods, such as Monday through Friday, 8 AM to 6 PM, and thus would not be permitted to pass at 7 AM on a Monday, or anytime on a Saturday or Sunday. An intermediate level employee may have access to the same spaces, but may be authorized to access these spaces seven days a week,24 hours a day. A higher level employee may have access to all spaces and at all times. These are just examples. - This information may also include a facility policy that may be communicated from the
remote server 18 to thereader 14 via thegateway 16. A facility policy may not be limited to a particular individual, but instead may describe limitations that apply to many or even all employees. An example might be that a particular door is to remain unlocked every weekday Monday through Friday, from 7 AM to 7 PM. Another example might be that a particular door is to remain locked, with no access available, all day on Saturdays and Sundays, regardless of the employee. These are just examples. - In some cases, an exception policy may be communicated from the
remote server 18 to thereader 14 via thegateway 16. An exception policy may specify, for example, that a particular space will be closed for a period of time for cleaning, or remodeling. An exception policy may specify that a particular door or set of doors is to remain unlocked for a particular period of time corresponding to an event. For example, particular doors may remain unlocked during a scheduled open house. Another example of an exception policy may be that a particular user may not have an updated or current user access policy. In some cases, the exception policy may be part of the facility policy, while in other cases, it may be separate. It will be appreciated that theaccess control system 10 may be configured to permit periodic updates to the user access policies, the facility policy and the exception policies to be communicated from theremote server 18 to thereader 14 via thegateway 16. Periodic updates may be scheduled, for example, or may occur when network connectivity permits communication between thereader 14 and thegateway 16, and/or between thegateway 16 and theremote server 18. - A
mobile device 20 may be configured to communicate with thereader 14. Themobile device 20 may be a smartphone, for example, but may be any other suitable mobile device that can be carried by the user. Themobile device 20 may communicate with thereader 14 via WiFi, Bluetooth™, infrared (e.g. IrDA), or any other suitable wireless or wired communication path. When themobile device 20 establishes wireless communication with thereader 14, any policy updates stored in the reader14 (previously received from theremote server 18 via the gateway16) may be communicated to themobile device 20. In some cases, the policy updates (e.g. user's access policy updates) may be communicated to themobile device 20 via a separate wireless communication path, such as cellular, Wifi or other communication path. Policy updates need not be communicated to themobile device 20 for the user to gain access through a door. Instead, policy updates may be obtained when themobile device 20 has communication available with thereader 14 and/orremote server 18. - In some cases, the
reader 14 may communicate a location to themobile device 20, such that themobile device 20 knows which door that themobile device 20 is proximate to. Alternatively, themobile device 20 may receive a signal from one or more wireless beacons in the building (not shown) that identifies a particular door. In some cases, the user of themobile device 20 may use themobile device 20 to take a picture or otherwise scan an image displayed proximate the door, which can be decoded to inform themobile device 20 as to the location of a particular door. The image may be a barcode or a QR code, for example. In some cases, the user may select a particular door via a user interface of the mobile device. These are just examples. - Once the
mobile device 20 has been informed of which door the user wishes to access, themobile device 20 may be configured to use information stored within themobile device 20 to determine whether the user is authorized to gain access through that particular door at this particular point in time. Themobile device 20 may rely upon the user's digital identity (stored within the mobile device20) and the user's access control policy (also stored within the mobile device20). The user's digital identity may include information that identifies the user. This may include an ID number such as a company ID number, a driver's license number or a social security number, for example. In some cases, the user's digital identity may include biometric information of the user. In some cases, the user's digital identity may include a confirmation by themobile device 20 of certain biometric information of the user, such a positive retinal or finger print scan. In some case, the positive retinal or finger print scan may be used to unlock the mobile device by the user. - The
mobile device 20 may also rely upon one or more of a facility policy, an exception policy and a user's context information. Examples of the user's context information may include a history of which doors the user has previously accessed, and when. Based on some or all of this information, themobile device 20 may determine whether the user is authorized to gain access to the particular door, or not. Themobile device 20 may then transmit the decision, which may for example be a YES decision or a NO decision, to thereader 14. - The
reader 14 may directly communicate an instruction to thedoor lock 12, such as instructions to lock or unlock thedoor lock 12. If the access control decision communicated to thereader 14 is YES, for example, thereader 14 may instruct thedoor lock 12 to unlock temporarily. In some instances, particularly if thereader 14 has a policy such as a facility policy or an exception policy that is updated relative to the same policy stored in themobile device 20, thereader 14 may override the decision made by themobile device 20, regardless of whether the updated policy stored in thereader 14 disagrees with the policy currently stored in themobile device 20. In some instances, if the user access policy was previously transmitted to thereader 14, it is contemplated that thereader 14 may use such an updated user access policy to override the decision made by themobile device 20 only when the updated policy stored in thereader 14 disagrees with the policy currently stored in themobile device 20. In some cases, thereader 14 may immediately communicate any policy updates to themobile device 20 to reduce or eliminate subsequent policy disagreements. Alternatively, the mobile device will need to connect to theremote server 18 and obtain the updates from theremote server 18 before access is granted. These are just examples. - While
FIG. 1 shows asingle door lock 12 and asingle reader 14, it will be appreciated that a facility will typically have a number of door locks12 and a corresponding number ofreaders 14, with each door having asingle door lock 12 and asingle reader 14. Because thereader 14 may communicate wirelessly with themobile device 20, rather than through a line of sight form of communication, there is no need to have aseparate reader 14 on each side of a particular door. Rather, asingle reader 14 may be configured to receive an access decision from themobile device 20, regardless of whether the user wishes to pass through the door to enter the space, or whether the user wishes to pass through the door to exit the space. FIG. 2 is a schematic diagram of an illustrative access control system, such asaccess control system 10 shown inFIG. 1 . InFIG. 2 , theaccess control system 10 may be seen as including adoor 22 and alocation identifier 24 that is positioned proximate thedoor 22 and that wirelessly provides the location of thedoor 22 to themobile device 20. Armed with this information, themobile device 20 is able to use the user's digital identity and the user's access policy, optionally along with one or more of a facility policy, an exception policy and the user's context information, to determine whether the user is authorized to pass through thedoor 22. In some cases, thelocation identifier 24 may be a wireless beacon that is configured to communicate with themobile device 20 via WiFi or Bluetooth™, for example. Alternatively, thelocation identifier 24 may be a scannable image that may be photographed or otherwise scanned by themobile device 20 in order to inform themobile device 20 of the location (and other identifying features) of thedoor 22.- In some cases, there is a
single location identifier 24, such as for example a wireless beacon or a scannable image for both entry and egress through thedoor 22. In some instances, there may be alocation identifier 24 on an entry side of thedoor 22 and anotherlocation identifier 24 on an exit side of thedoor 22. If the location identifier(s)24 are wireless beacons, thelocation identifier 24 on the entry side of thedoor 22 informs themobile device 20 that the desired access is entry while thelocation identifier 24 on the exit side of thedoor 22 informs themobile device 20 that the desired access is exit. Similarly, if the location identifier(s)24 are scannable images such as but not limited to QR codes, scanning the entry side QR code informs themobile device 20 that the desired access is entry while scanning the exit side QR code informs themobile device 20 that the desired access is exit. - As can be seen, a
remote data entry 26 may be communicatively coupled with theremote server 18. In some cases, theremote data entry 26 may represent a computer such as a laptop computer or a desktop computer. Theremote data entry 26 may represent a mobile device such as a smartphone or a tablet. It will be appreciated that theremote data entry 26 may be used for entering information pertaining to a user's access policy. Theremote data entry 26 may be used for entering information pertaining to a facility policy and/or an exception policy. In some cases, theremote data entry 26 may be used by security personnel in updating these policies. While described as being remote, it should be understood that this is relative to the location of thedoor 22, as theremote data entry 26 may be located within the facility housing thedoor 22. In some cases, theremote data entry 26 may be far away from the facility housing thedoor 22. FIG. 3 is a schematic block diagram of themobile device 20. As noted, the mobile device may be configured to selectively grant access to a space within a facility having a door such as the door22 (FIG. 2 ) that restricts access to the space within the facility. Themobile device 20 may include amemory 30 that is configured to store a user's digital identity as well as storing the user's access policies. Acontroller 32 is operably coupled to thememory 30 and is configured to access the user's digital identity and the user's access policy from thememory 30. Thecontroller 32 may be configured to use the user's digital identity and the user's access policy to determine whether the user is authorized to access the space to which the door restricts access. It is themobile device 20, therefore, that makes the determination as to whether access is authorized. Anoutput 34 is operably coupled to thecontroller 32 and is configured to communicate with a reader (such as the reader14) that is associated with the door (such as the door22) in order to unlock a lock apparatus of the door when thecontroller 32 determines that the user is authorized to access the space to which the door restricts access.- In some instances, the
controller 32 may be configured to periodically receive updates to the user's access policies from a remote server. For example, thecontroller 32 may periodically receive updates to the user's access policies from the remote server18 (FIG. 1 ) via the gateway16 (FIG. 1 ), cellular communication and/or any other suitable communication pathway. In some cases, thecontroller 32 may receive updates to the user's access policies from the remote server18 (FIG. 1 ) via thereader 14. Thecontroller 32 may be configured to periodically receive updates to a facility level policy and/or exception policies from a remote server. In some instances, thecontroller 32 may be configured to use the facility level policy and/or exception policies as well as the user's access policies and the user's digital identity in determining whether the user is authorized to access the space to which the door restricts access. Themobile device 20 may be configured to establish wireless communications with the reader (such as the reader14) that is associated with a door in order to receive information identifying the door, and in some cases, updated user's access policies, facility level policies, and/or exception policies. FIG. 4 is a schematic diagram showing an illustrative policy execution flow. As illustrated, there is apolicy execution engine 40 that is manifested within themobile device 20 and apolicy execution engine 42 that is manifested within thereader 14. A number of data points may be used by thepolicy execution engine 40, including but not limited toUSER level policies 44,FACILITY level policies 46,USER CURRENT CONTEXT 48 and USER REQUESTEDACCESS 50. Based on these inputs, thepolicy execution engine 40 outputs amobile engine decision 52 as well asadditional information 54 to thepolicy execution engine 42 within thereader 14. Additional inputs to thepolicy execution engine 42 includes FACILITY/SYSTEM orUSER EXCEPTION policies 56. Thepolicy execution engine 42 will output afinal decision 58. In some cases, thefinal decision 58 may match themobile engine decision 52. In some instances, thefinal decision 58 may contradict themobile engine decision 52.FIG. 5 is a schematic diagram showing an illustrative use of user context information. In this example, a second door is only allowed to open for a user when the user entered through a first door. InFIG. 5 , auser 60 approaches adoor 62 with theirmobile device 20 in hand. Themobile device 20 communicates with areader 64 and with a location identifier66. For purposes of this illustration, assume that themobile device 20 decided that access was authorized, and that thereader 64 did not contradict this decision, and thus thedoor 62 is opened and theuser 60 can pass through. As a result, the user's user context information stored in themobile device 20 is updated to reflect that the user accessed thedoor 62 at a certain time. Theuser 60 next approaches thedoor 68. Themobile device 20 communicates with areader 70 and with a location identifier72. Assuming that theuser 60 is authorized to access the space beyond the door68 (as decided by themobile device 20 and confirmed by the reader70), and the user's user context information correctly notes that the user passes through thedoor 62, thereader 70 will instruct thedoor 68 to open. In this example, if the users had not already passed through door62 (sometimes within a predetermined period of time), the user would be denied access throughdoor 68.FIG. 6 is a flow diagram showing anillustrative method 80 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server. As indicated atblock 82, a user's digital identity and a user's access policy may be stored in memory of the user's mobile device. The user's mobile device may use the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated atblock 84. As noted atblock 86, the access decision may be communicated to the reader along with the user's digital identity. The reader stores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated atblock 88. This may be referred to as an access log, for example. When the access decision is YES, as indicated atblock 90, the door may be unlocked so that the user can pass through. In some cases, the door is unlocked so that the user is free to enter a space to which access is otherwise restricted by the door or so that the user is free to exit from a space to which egress is otherwise restricted by the door. Alternatively, when the access decision is NO, as indicated atblock 92, the door is not unlocked. In some cases, the user's mobile device is configured to use the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO even when the user's mobile device is not connected to the remote server.FIG. 7 is a flow diagram showing anillustrative method 100 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server. As indicated atblock 82, a user's digital identity and a user's access policy may be stored in memory of the user's mobile device. The memory may also store a facility policy, as indicated atblock 102. The user's mobile device may use the stored facility policy as well as the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated atblock 104. As noted atblock 86, the access decision may be communicated to the reader along with the user's digital identity. The reader stores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated atblock 88. When the access decision is YES, as indicated atblock 90, the door may be unlocked so that the user can pass through. Alternatively, when the access decision is NO, as indicated atblock 92, the door is not unlocked.- In some instances, when the facility policy stored in the memory of the user's mobile device does not match a facility policy stored in the reader, the reader may be configured to use the facility policy stored in the reader to override the access decision made by the user's mobile device when the facility policy stored in the reader disagrees with the access decision made by the user's mobile device. In some instances, the reader may also store an exception policy. The reader may use the exception policy to override the access decision made by the user's mobile device when the exception policy disagrees with the access decision made by the user's mobile device.
FIG. 8 is a flow diagram showing anillustrative method 110 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server. As indicated atblock 82, a user's digital identity and a user's access policy may be stored in memory of the user's mobile device. In some cases, the user's mobile device may store user context information as noted atblock 112. The user context information may include an access history of which of a plurality of doors of a facility the user has previously accessed, and sometimes other information such as a corresponding time stamp. In some cases, obtaining an access decision of YES for a particular door requires that the user to have previously passed through a different one of the plurality of doors.- The user's mobile device may use the stored user context information in combination with the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated at
block 114. As noted atblock 86, the access decision may be communicated to the reader along with the user's digital identity. The reader stores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated atblock 88. This may be referred to as an access log, for example. When the access decision is YES, as indicated atblock 90, the door may be unlocked so that the user can pass through. Alternatively, when the access decision is NO, as indicated atblock 92, the door is not unlocked. FIG. 9 is a flow diagram showing anillustrative method 120 of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server. As indicated atblock 82, a user's digital identity and a user's access policy may be stored in memory of the user's mobile device. A reader ID of the reader may be identified as indicated atblock 122. In some cases, the reader ID is read from the reader. In some instances, the reader ID is inferred from a location of the user's mobile device.- The user's mobile device may use the stored user's digital identity, the stored user's access policy and the reader ID to determine whether the user is authorized for access through the door and to make an access decision of YES or NO, as indicated at
block 124. As noted atblock 86, the access decision may be communicated to the reader along with the user's digital identity. The reader stores the communicated access decision and user's digital identity for subsequent communication to the remote server (e.g. log entry) as indicated atblock 88. This may be referred to as an access log, for example. When the access decision is YES, as indicated atblock 90, the door may be unlocked so that the user can pass through. In some cases, the door is unlocked so that the user is free to enter a space to which access is otherwise restricted by the door or so that the user is free to exit from a space to which egress is otherwise restricted by the door. FIG. 10 is a flow diagram of anillustrative method 130 that may be carried out by a mobile device when executing executable instructions. As indicated atblock 132, the mobile device may be caused to store a user's digital identity and a user's access policy. As indicated atblock 134, the mobile device may be caused to identify an identity of a locked door that the user wants to enter. For example, the mobile device may be configured to identify the locked door by scanning an image disposed proximate the locked door or by wirelessly communicating with a beacon that is disposed proximate the locked door. As indicated atblock 136, the mobile device may be caused to use the user's digital identity, the user's access policy and the identity of the locked door to determine, via a controller of the mobile device, whether the user is authorized to access the locked door. As indicated atblock 138, when the determination is made by the controller of the mobile device that the user is authorized to access the locked door, the mobile device is caused to transmit instructions to unlock the locked door. In some instances, as indicated atblock 140, the mobile device may be caused to periodically download updates to the user's access policy and/or a facility access policy.- Those skilled in the art will recognize that the present disclosure may be manifested in a variety of forms other than the specific embodiments described and contemplated herein. Accordingly, departure in form and detail may be made without departing from the scope and spirit of the present disclosure as described in the appended claims.
Claims (20)
1. A method of controlling access through a door having a door lock that can be electrically locked and unlocked, the door lock operably coupled to a reader that is configured to establish local communication with a user's mobile device and to establish non-local communication with a remote server, the method comprising:
storing a user's digital identity and a user's access policy in memory of the user's mobile device;
the user's mobile device using the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO;
communicating the access decision to the reader along with the user's digital identity;
the reader storing the communicated access decision and user's digital identity for subsequent communication to the remote server;
when the access decision is YES, unlocking the door lock so that the user is free to pass through the door; and
when the access decision is NO, not unlocking the door lock.
2. The method ofclaim 1 , further comprising:
storing in the memory of the user's mobile device a facility policy; and
using by the user's mobile device the facility policy in addition to the user's digital identity and the user's access policy in determining whether the user is authorized for access through the door and to make the access decision of YES or NO.
3. The method ofclaim 2 , further comprising:
when the facility policy stored in the memory of the user's mobile device does not match a facility policy stored in the reader, the reader is configured to use the facility policy stored in the reader to override the access decision made by the user's mobile device when the facility policy stored in the reader disagrees with the access decision made by the user's mobile device.
4. The method ofclaim 3 , further comprising:
storing by the reader an exception policy; and
the reader using the exception policy to override the access decision made by the user's mobile device when the exception policy disagrees with the access decision made by the user's mobile device.
5. The method ofclaim 1 , further comprising:
storing by the user's mobile device user context information; and
using by the user's mobile device the stored user context information in combination with the user's digital identity and the user's access policy in determining whether the user is authorized for access through the door and to make the access decision of YES or NO.
6. The method ofclaim 5 , wherein the user context information includes an access history of which of a plurality of doors of a facility that the user has previously accessed.
7. The method ofclaim 6 , wherein obtaining an access decision of YES for the door requires that the user previously passed through a different one of the plurality of doors.
8. The method ofclaim 1 , wherein when the access decision is YES, the door lock is unlocked so that the user is free to enter a space to which access is otherwise restricted by the door or so that the user is free to exit from a space to which egress is otherwise restricted by the door.
9. The method ofclaim 1 , wherein the user's mobile device is configured to use the stored user's digital identity and the stored user's access policy to determine whether the user is authorized for access through the door and to make an access decision of YES or NO even when the user's mobile device is not connected to the remote server.
10. The method ofclaim 1 , further comprising:
identifying a reader ID of the reader;
the user's mobile device using the stored user's digital identity, the stored user's access policy and the reader ID to determine whether the user is authorized for access through the door and to make an access decision of YES or NO.
11. The method ofclaim 10 , wherein the reader ID is read from the reader.
12. The method ofclaim 10 , wherein the reader ID is inferred from a location of the user's mobile device.
13. A mobile device configured to selectively grant access to a space within a facility having a door restricting access to the space within the facility, the mobile device comprising:
a memory configured to store a user's digital identity;
the memory further configured to store a user's access policies;
a controller operably coupled to the memory, the controller configured to access the user's digital identity and the user's access policies from the memory, the controller further configured to use the user's digital identity and the user's access policies to determine whether the user is authorized to access the space to which the door restricts access; and
an output operably coupled to the controller, the output configured to communicate with a reader that is associated with the door in order to unlock a lock apparatus of the door when the controller determines that the user is authorized to access the space to which the door restricts access.
14. The mobile device ofclaim 13 , wherein the controller is configured to periodically receive updates to the user's access policies from a remote server.
15. The mobile device ofclaim 13 , wherein the controller is configured to periodically receive updates to a facility level policy from a remote server.
16. The mobile device ofclaim 15 , wherein the controller is configured to use the facility level policy as well as the user's access policies and the user's digital identity in determining whether the user is authorized to access the space to which the door restricts access.
17. The mobile device ofclaim 13 , wherein the mobile device is configured to establish wireless communications with the reader that is associated with the door and to receive information identifying the door.
18. A non-transient computer-readable medium having instructions stored thereon executable by a processor of a mobile device, the instructions when executed causing the mobile device to:
store a user's digital identity and a user's access policy;
identify an identity of a locked door that the user wants to enter;
use the user's digital identity, the user's access policy and the identity of the locked door to determine, via a controller of the mobile device, whether the user is authorized to access the locked door; and
when the determination is made by the controller of the mobile device that the user is authorized to access the locked door, transmitting instructions to unlock the locked door.
19. The non-transitory computer-readable medium ofclaim 18 , wherein the instructions when executed further cause the mobile device to periodically download updates to the user's access policy and/or a facility access policy.
20. The non-transitory computer-readable medium ofclaim 18 , wherein the mobile device is configured to identify the locked door by scanning an image disposed proximate the locked door or by wirelessly communicating with a beacon that is disposed proximate the locked door.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/439,024US10878650B1 (en) | 2019-06-12 | 2019-06-12 | Access control system using mobile device |
| US16/918,948US11348396B2 (en) | 2019-06-12 | 2020-07-01 | Access control system using mobile device |
| US17/740,762US11887424B2 (en) | 2019-06-12 | 2022-05-10 | Access control system using mobile device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/439,024US10878650B1 (en) | 2019-06-12 | 2019-06-12 | Access control system using mobile device |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US16/918,948ContinuationUS11348396B2 (en) | 2019-06-12 | 2020-07-01 | Access control system using mobile device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| US20200394856A1true US20200394856A1 (en) | 2020-12-17 |
| US10878650B1 US10878650B1 (en) | 2020-12-29 |
Family
ID=73745141
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US16/439,024ActiveUS10878650B1 (en) | 2019-06-12 | 2019-06-12 | Access control system using mobile device |
| US16/918,948ActiveUS11348396B2 (en) | 2019-06-12 | 2020-07-01 | Access control system using mobile device |
| US17/740,762ActiveUS11887424B2 (en) | 2019-06-12 | 2022-05-10 | Access control system using mobile device |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US16/918,948ActiveUS11348396B2 (en) | 2019-06-12 | 2020-07-01 | Access control system using mobile device |
| US17/740,762ActiveUS11887424B2 (en) | 2019-06-12 | 2022-05-10 | Access control system using mobile device |
Country Status (1)
| Country | Link |
|---|---|
| US (3) | US10878650B1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11887424B2 (en) | 2019-06-12 | 2024-01-30 | Honeywell International Inc. | Access control system using mobile device |
| US12027007B2 (en) | 2021-03-01 | 2024-07-02 | Honeywell International Inc. | Building access using a mobile device |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11639617B1 (en) | 2019-04-03 | 2023-05-02 | The Chamberlain Group Llc | Access control system and method |
| US11151827B1 (en)* | 2020-11-20 | 2021-10-19 | Grand Dunes Entry Systems, LLC | Virtual entry system |
| US12340641B2 (en)* | 2022-03-10 | 2025-06-24 | Honeywell International Inc. | System and method for activating lockbox when authenticating device is in range |
| WO2023196502A1 (en)* | 2022-04-06 | 2023-10-12 | Security Enhancement Systems, Llc | Multi-mode electronic access control system and method |
| US12323798B2 (en)* | 2023-02-16 | 2025-06-03 | Verizon Patent And Licensing Inc. | Systems and methods for dynamic access and mobility policy refresh in wireless networks |
| US20250087036A1 (en)* | 2023-09-13 | 2025-03-13 | Honeywell International Inc. | Building access using a mobile device |
Family Cites Families (83)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4672654A (en) | 1984-12-12 | 1987-06-09 | At&T Company | PBX security system for monitoring security guard tours |
| GB8625491D0 (en) | 1986-10-24 | 1986-11-26 | Bespak Plc | Discharge pump assembly |
| US5640139A (en) | 1995-09-14 | 1997-06-17 | Egeberg; Gerald W. | Wireless control of electronic door locking devices for trailers |
| US6384709B2 (en) | 1997-05-30 | 2002-05-07 | Intellikey Corporation | Access control system for mobile platform using electronic key-embedded location verification data |
| WO2001040605A1 (en) | 1999-11-30 | 2001-06-07 | Bording Data A/S | An electronic key device, a system and a method of managing electronic key information |
| US20030179073A1 (en) | 2002-03-20 | 2003-09-25 | Ohanes Ghazarian | Electronic secure locking system |
| US7098794B2 (en) | 2004-04-30 | 2006-08-29 | Kimberly-Clark Worldwide, Inc. | Deactivating a data tag for user privacy or tamper-evident packaging |
| KR20060011267A (en) | 2004-07-29 | 2006-02-03 | 김주형 | Access control system and method using GPS |
| SE530279C8 (en) | 2005-03-18 | 2008-06-03 | Phoniro Ab | Method of unlocking a lock with a locking device capable of wireless short distance data communication in accordance with a communication standard, and an associated locking device |
| FI20055344A0 (en) | 2005-06-23 | 2005-06-23 | Jouni Koljonen | Data transfer system for passage control |
| WO2007089503A2 (en) | 2006-01-26 | 2007-08-09 | Imprivata, Inc. | Systems and methods for multi-factor authentication |
| CN101681454B (en) | 2007-03-22 | 2016-06-01 | 德国邮政股份公司 | Monitoring device for tracking system |
| DK2085934T3 (en) | 2008-01-31 | 2013-10-21 | Bekey As | Method and system for registering a mobile device used as an electronic access key |
| ATE518358T1 (en) | 2008-02-29 | 2011-08-15 | Research In Motion Ltd | NOTIFICATION OF AN ACCESS CONTROL REQUEST AND NOTIFICATION OF THE ACCESS CONTROL REQUEST ON A COMMUNICATIONS DEVICE |
| US20090249433A1 (en) | 2008-03-28 | 2009-10-01 | Janardan Misra | System and method for collaborative monitoring of policy violations |
| US7969302B2 (en) | 2008-06-09 | 2011-06-28 | Honeywell International Inc. | System and method for dynamic association of security levels and enforcement of physical security procedures |
| CH699096A2 (en) | 2008-07-08 | 2010-01-15 | Gilles Rooss | Adaptive tracking system pilot the environment. |
| GB0821482D0 (en) | 2008-11-25 | 2008-12-31 | Rockwell Automation Ltd | Access control |
| US20100201536A1 (en) | 2009-02-10 | 2010-08-12 | William Benjamin Robertson | System and method for accessing a structure using a mobile device |
| WO2011150405A2 (en) | 2010-05-28 | 2011-12-01 | Suridx, Inc. | Wireless encrypted control of physical access systems |
| US20120090757A1 (en) | 2010-10-18 | 2012-04-19 | Qualcomm Mems Technologies, Inc. | Fabrication of touch, handwriting and fingerprint sensor |
| US8941465B2 (en) | 2010-12-02 | 2015-01-27 | Viscount Security Systems Inc. | System and method for secure entry using door tokens |
| US8560839B2 (en) | 2010-12-20 | 2013-10-15 | Microsoft Corporation | Tamper proof location services |
| US20120169461A1 (en) | 2010-12-31 | 2012-07-05 | Schneider Electric Buildings Ab | Electronic physical access control with remote authentication |
| KR20120103929A (en) | 2011-03-11 | 2012-09-20 | 삼성전자주식회사 | Apparatus and method for short range communication in mobile terminal |
| US9336637B2 (en) | 2011-03-17 | 2016-05-10 | Unikey Technologies Inc. | Wireless access control system and related methods |
| WO2012155005A1 (en) | 2011-05-11 | 2012-11-15 | Sierchio Joseph | Universal interactive smart card device |
| US8624719B2 (en) | 2011-06-03 | 2014-01-07 | Bosch Automotive Service Solutions Llc | Smart phone control and notification for an electric vehicle charging station |
| EP2549452B1 (en) | 2011-07-21 | 2019-09-25 | Nxp B.V. | Location-based tracking |
| US8793776B1 (en) | 2011-09-12 | 2014-07-29 | Google Inc. | Location as a second factor for authentication |
| US9076273B2 (en) | 2012-02-24 | 2015-07-07 | Identive Group, Inc. | Method and system for providing identity, authentication, and access services |
| US20130257589A1 (en) | 2012-03-29 | 2013-10-03 | Mohammad MOHIUDDIN | Access control using an electronic lock employing short range communication with mobile device |
| EP2648386B1 (en) | 2012-04-08 | 2021-08-25 | Samsung Electronics Co., Ltd. | Management Server and Method for Controlling Device, User Terminal Apparatus and Method for Controlling Device, and User Terminal Apparatus and Control Method Thereof |
| KR20130128924A (en) | 2012-05-18 | 2013-11-27 | 삼성전자주식회사 | Apparatus and method for charging a product in a near field communication device |
| US9400902B2 (en) | 2012-05-22 | 2016-07-26 | Trimble Navigation Limited | Multi-modal entity tracking and display |
| US10515363B2 (en) | 2012-06-12 | 2019-12-24 | Square, Inc. | Software PIN entry |
| US9472034B2 (en) | 2012-08-16 | 2016-10-18 | Schlage Lock Company Llc | Electronic lock system |
| US9443365B2 (en) | 2012-08-16 | 2016-09-13 | Schlage Lock Company Llc | Wireless reader system |
| NZ706015A (en) | 2012-08-16 | 2016-04-29 | Schlage Lock Co Llc | Operation communication system |
| US9508206B2 (en) | 2012-08-16 | 2016-11-29 | Schlage Lock Company Llc | Usage of GPS on door security |
| US8943187B1 (en)* | 2012-08-30 | 2015-01-27 | Microstrategy Incorporated | Managing electronic keys |
| US20140082713A1 (en) | 2012-09-18 | 2014-03-20 | Broadcom Corporation | System and Method for Location-Based Authentication |
| TWI609343B (en) | 2012-09-21 | 2017-12-21 | Mobile financial trading system and method | |
| US8792936B2 (en) | 2012-10-01 | 2014-07-29 | Xerox Corporation | Establishing communication between devices using close proximity protocol |
| US9585228B2 (en) | 2012-11-30 | 2017-02-28 | Enlighted, Inc. | Associating information with an asset or a physical space |
| US20140189880A1 (en) | 2012-12-31 | 2014-07-03 | Gemalto Sa | System and method for administrating access control rules on a secure element |
| US8839361B2 (en) | 2013-02-04 | 2014-09-16 | Honeywell International Inc. | Access control system and method with GPS location validation |
| US9058702B2 (en) | 2013-03-12 | 2015-06-16 | Qualcomm Incorporated | Method for securely delivering indoor positioning data and applications |
| US9916746B2 (en) | 2013-03-15 | 2018-03-13 | August Home, Inc. | Security system coupled to a door lock system |
| US9382739B1 (en) | 2013-03-15 | 2016-07-05 | August Home, Inc. | Determining right or left hand side door installation |
| US9123244B2 (en) | 2013-03-15 | 2015-09-01 | Denso International America, Inc. | Vehicle tracking of personal devices with response system |
| US9528296B1 (en) | 2013-03-15 | 2016-12-27 | August Home, Inc. | Off center drive mechanism for thumb turning lock system for intelligent door system |
| US9704314B2 (en) | 2014-08-13 | 2017-07-11 | August Home, Inc. | BLE/WiFi bridge that detects signal strength of Bluetooth LE devices at an exterior of a dwelling |
| US10181232B2 (en) | 2013-03-15 | 2019-01-15 | August Home, Inc. | Wireless access control system and methods for intelligent door lock system |
| US20160319571A1 (en) | 2014-03-12 | 2016-11-03 | August Home Inc. | Intelligent door lock system with optical sensor |
| US9396320B2 (en) | 2013-03-22 | 2016-07-19 | Nok Nok Labs, Inc. | System and method for non-intrusive, privacy-preserving authentication |
| US10270748B2 (en) | 2013-03-22 | 2019-04-23 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
| US9887983B2 (en) | 2013-10-29 | 2018-02-06 | Nok Nok Labs, Inc. | Apparatus and method for implementing composite authenticators |
| US9514469B2 (en) | 2013-04-21 | 2016-12-06 | International Business Machines Corporation | Identification of consumers based on a unique device ID |
| DE102014106364A1 (en) | 2013-05-13 | 2014-11-13 | Hakan Orcan | System for checking access authorization for a locking device |
| US9485607B2 (en) | 2013-05-14 | 2016-11-01 | Nokia Technologies Oy | Enhancing the security of short-range communication in connection with an access control device |
| EP2816532B1 (en) | 2013-06-20 | 2019-03-20 | Honeywell International Inc. | Systems and methods for enabling access control via mobile devices |
| US9444805B1 (en) | 2014-01-27 | 2016-09-13 | Microstrategy Incorporated | Context-aware validation |
| US20150227969A1 (en) | 2014-02-11 | 2015-08-13 | Stubhub, Inc. | Systems and methods for managing seating locations and preferences |
| CN104144497B (en) | 2014-07-28 | 2017-12-26 | 北京升哲科技有限公司 | User based on Bluetooth beacon equipment passes in and out the detection method and system in region |
| US9600949B2 (en)* | 2014-07-30 | 2017-03-21 | Master Lock Company Llc | Wireless key management for authentication |
| BR112017009867B1 (en) | 2014-12-02 | 2022-11-16 | Inventio Ag | METHOD FOR PROVIDING CONTROLLED ACCESS TO A VISITOR IN A BUILDING AND MOBILE DEVICE APPLICATION |
| DE102014119003A1 (en) | 2014-12-18 | 2016-06-23 | Skidata Ag | Method for configuring access control devices of an access control system |
| US9589403B2 (en) | 2015-05-15 | 2017-03-07 | Honeywell International Inc. | Access control via a mobile device |
| US9713002B2 (en) | 2015-05-15 | 2017-07-18 | Honeywell International Inc. | Access control via a mobile device |
| US10606224B2 (en)* | 2015-09-14 | 2020-03-31 | Tyco Integrated Security, LLC | Device enabled identity authentication |
| US10182309B2 (en) | 2016-03-30 | 2019-01-15 | Honeywell International Inc. | Magnetic fingerprinting for proximity-based systems |
| CN109074691B (en) | 2016-04-11 | 2022-07-29 | 开利公司 | Capture individual user intent when interacting with multiple access control devices |
| CH712541A1 (en) | 2016-06-14 | 2017-12-15 | Kaba Ag | Methods and apparatus for configuring access control devices at an installation site. |
| CN206557866U (en) | 2016-08-31 | 2017-10-13 | 北京厚文知识产权顾问有限公司 | A kind of gate control system based on GPS location |
| EP3510752A4 (en) | 2016-09-08 | 2020-05-27 | Honeywell International Inc. | CONTROL OF ACCESS TO A DOOR THROUGH A MOBILE DEVICE |
| US10096182B2 (en) | 2016-09-08 | 2018-10-09 | Honeywell International Inc. | Using a light up feature of a mobile device to trigger door access |
| US10186098B2 (en) | 2016-11-18 | 2019-01-22 | Honeywell International Inc. | Access control via a mobile device |
| US10878650B1 (en)* | 2019-06-12 | 2020-12-29 | Honeywell International Inc. | Access control system using mobile device |
| KR102823157B1 (en) | 2019-09-26 | 2025-06-20 | 아싸 아브로이 에이비 | Ultra-wide band antenna configuration for physical access control system |
| US11122431B2 (en) | 2019-10-17 | 2021-09-14 | Cisco Technology, Inc. | Integrating CBRS-enabled devices and intent-based networking |
| CN112211502A (en) | 2020-09-21 | 2021-01-12 | 王龙飞 | Intelligent door based on 5G |
| US11749045B2 (en) | 2021-03-01 | 2023-09-05 | Honeywell International Inc. | Building access using a mobile device |
- 2019
- 2019-06-12USUS16/439,024patent/US10878650B1/enactiveActive
- 2020
- 2020-07-01USUS16/918,948patent/US11348396B2/enactiveActive
- 2022
- 2022-05-10USUS17/740,762patent/US11887424B2/enactiveActive
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11887424B2 (en) | 2019-06-12 | 2024-01-30 | Honeywell International Inc. | Access control system using mobile device |
| US12027007B2 (en) | 2021-03-01 | 2024-07-02 | Honeywell International Inc. | Building access using a mobile device |
| US12367726B2 (en) | 2021-03-01 | 2025-07-22 | Honeywell International Inc. | Building access using a mobile device |
Also Published As
| Publication number | Publication date |
|---|---|
| US11348396B2 (en) | 2022-05-31 |
| US10878650B1 (en) | 2020-12-29 |
| US20220270424A1 (en) | 2022-08-25 |
| US20200394861A1 (en) | 2020-12-17 |
| US11887424B2 (en) | 2024-01-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11887424B2 (en) | Access control system using mobile device | |
| US10818118B2 (en) | Remote application for controlling access | |
| US9424699B2 (en) | Electronic access control and location tracking system | |
| US20210019971A1 (en) | Offline storage system and method of use | |
| US9466163B2 (en) | Electronic access control and location tracking system | |
| US10013825B2 (en) | Systems and methods for redundant access control systems based on mobile devices | |
| EP2487652B1 (en) | Security device with offline credential analysis | |
| US20250265883A1 (en) | Building access using a mobile device | |
| EP3584769A1 (en) | Improved access control system and a method thereof controlling access of persons into restricted areas | |
| US12020525B2 (en) | Property management systems | |
| US20190180021A1 (en) | Access key card that cancels automatically for safety and security | |
| KR101855494B1 (en) | Door system and method using mobile device | |
| KR102143716B1 (en) | Access control system based on RF-CARD | |
| EP3782135B1 (en) | Visualization and management of access levels for access control based on al hierarchy | |
| US20250209876A1 (en) | Access contol system | |
| EP4564743A1 (en) | Method and system for automatically changing a security level configuration of a security system of a facility based on a received event profile of an event to be held at the facility | |
| KR20180064325A (en) | Smart Device Security System by using Mobile Beacon | |
| JP2009223706A (en) | Attendance registration device and entrance/exit management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:HONEYWELL INTERNATIONAL INC., NEW JERSEY Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MERUVA, JAYAPRAKASH;HOLLA, CHAITHANYA;BALRAJ, KAMALAKANNAN;SIGNING DATES FROM 20190611 TO 20190612;REEL/FRAME:049448/0131 | |
| FEPP | Fee payment procedure | Free format text:ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY | |
| STCF | Information on status: patent grant | Free format text:PATENTED CASE | |
| MAFP | Maintenance fee payment | Free format text:PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment:4 |