Physical access control system and access control method
The integration of wireless technology and centralized authorization in physical access control systems enables seamless, secure access using smartphones and biometrics, addressing the need for user-friendly and efficient access control.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- HID GLOBAL CORP
- Filing Date
- 2026-03-12
- Publication Date
- 2026-06-16
AI Technical Summary
Existing physical access control systems require cumbersome user interactions, such as swiping cards or entering PINs, which can compromise security and user experience.
A system architecture that integrates wireless technology with smartphones, secure gateways, and cloud infrastructure to enable seamless access control through beacon detection, biometric authentication, and centralized authorization logic, minimizing user intervention while maintaining security.
Enhances security and user experience by allowing seamless access without manual intervention, reducing power consumption, and detecting tailgating, while maintaining robust authentication through biometric and credential-based methods.
Smart Images

Figure 2026098039000001_ABST
Abstract
Description
Technical Field
[0001] The embodiments illustrated and described in this specification generally relate to the system architecture of a physical access control system.
Background Art
[0002] Seamless access control refers to the physical access being permitted to authorized users through a controlled entrance without the need for cumbersome operations by the user, such as entering or swiping an access card with a card reader or entering a personal identification number (PIN) or password. A physical access control (PAC) system is a type of system that can provide seamless access. The PAC system authenticates and permits passage through physical access points such as security-protected doors. In this specification, improvements to a PAC system having an innovative interaction between wireless technology, smartphones, secure gateways, and cloud infrastructure will be described. These improvements not only enhance the security of the entire system but also lead to an improvement in the user experience.
Brief Description of the Drawings
[0003] [Figure 1] FIG. 1 is a diagram showing the basic physical access control (PAC) system structure. [Figure 2] FIG. 2 is a block diagram showing an example of the PAC system backend architecture. [Figure 3] FIG. 3 is a block diagram showing the layer model of a secure Internet of things gateway (SIG) device. [Figure 4] FIG. 4 is a block diagram showing an example of the software architecture of the SIG device. [Figure 5]Figure 5 shows an example of a PAC system that authenticates access by smartphone users. [Figure 6] Figure 6 shows another example of a PAC system for authenticating smartphone user access. [Figure 7] Figure 7 is a flowchart illustrating how to operate the seamless PAC system. [Figure 8] Figure 8 is a schematic block diagram showing a portion of an example of an authentication device. [Modes for carrying out the invention]
[0004] Figure 1 shows a basic PACS structure useful for office applications. Access credentials are data objects, pieces of knowledge (e.g., PINs, passwords, etc.), or facets of an individual's physical presence that provide proof of their identity (e.g., face, fingerprints, etc.). When access credentials are data objects, the credential device 104 stores them. The credential device 104 may be a smart card or a smartphone. Other examples of credential devices include, but are not limited to, near-field communication (RFID) based cards, access control cards, credit cards, debit cards, passports, ID cards, key fobs, near-field communication (NFC) enabled devices, mobile phones, personal digital assistants (PDAs), tags, or other devices configurable to emulate virtual credentials.
[0005] The credential device 104 is sometimes referred to as the access credential. The reader device 102 obtains and authenticates the access credential when using the credential device and transmits the access credential to the access controller 106. The access controller 106 compares the access credential to an access control list and grants or denies access based on the comparison, for example by controlling the automatic locking of a door.
[0006] The functions of the access controller 106 may be included in the reader device 102. These reader devices are called offline readers or standalone readers. If an unlocking mechanism is also included, the device is called a smart door lock and is more commonly used in residential applications. Devices such as smart door locks are often battery-powered, and power consumption and battery life can be important parameters of the device.
[0007] Figure 2 is a block diagram illustrating an example of a PAC system backend architecture. The authorization logic for physical access control is moved from a local reader device or access controller at the physical access portal to a secure Internet of Things Gateway (ISG) that can be used remotely from the physical access portal. Policies can be centrally controlled in this architecture, which has the advantage of changing access policies and reducing the complexity and cost of remote reader devices. A reader device or front-end (FE) device still exists at or near the portal location, but can be simplified to basically include an antenna and a modulator / demodulator for exchanging signals with the credential device. The signal is forwarded to SIG208 for analysis related to access control using the physical access control authorization logic. The authorization logic in SIG208 may include an authorization engine for making authentication decisions at a central location for many remote access controls. The authentication engine in SIG208 can also manage sensor-driven identification at remote locations.
[0008] The example in Figure 2 shows an FE device 202 connected to an Ethernet® network (or other local area network, i.e., LAN) that connects to SIG208 using a wired interface. The LAN may be a Transmission Control Protocol / Internet Protocol (TCP / IP) based network or an IoT mesh network. The wired interface may include an RS485 to Internet Protocol (IP) converter 210. The Ethernet® network may include an Ethernet® switch 212 for connecting to SIG208. SIG208 may include a WiFi® physical layer for connecting to a WiFi® network for communication with the FE device 202.
[0009] FE device 202 can relay credential information (e.g., from a PAC reader device) from a credential device (e.g., an RFID device) to SIG208. FE device 202 may be connected to one or more sensor devices 214 (e.g., cameras) for sensor-driven authentication. FE device 202 may communicate with other downstream devices using Bluetooth® Low Energy (BLE) signals to provide additional wireless functionality. In other examples, FE device 202 may provide wireless functionality using Long Range (LoRa) Low Energy network communication, Zigbee® network communication, or Long Term Evolution (LTE) network communication, ultra-wideband communication, Sigfox® communication, etc.
[0010] In some examples, the FE device 202 provides additional computing capabilities to the PAC system (for example, the FE device may include or communicate with a graphics processing unit or GPU). The FE device 202 may include or communicate with artificial intelligence (AI) (e.g., a neural network) to provide facial recognition, anomaly analysis, etc. The FE module can extend the memory capabilities of SIG208 (for example, by storing access logs or other access data).
[0011] Figure 3 shows an example of a layer model of SIG308. SIG308 includes a physical layer circuit 320 for accessing WiFi®, Ethernet®, or RS485 interfaces to communicate with downstream FE devices. SIG308 includes an array of secure elements 322. The number of secure elements 322 in the array depends on the load balancing requirements of the remote FE devices (e.g., reader devices). Secure elements 322 are used to exchange credential information with credential devices and can enhance security for the transmission of communications for physical access. Secure elements 322 can store cryptographic keys for the secure transmission and reception of sensitive data and can perform authentication of credential devices and users of the devices. In certain examples, secure elements 322 are Hardware Security Modules (HSMs). Because the secure elements 322 of SIG308 exchange credential information with credential devices, the reader device may be used in transparent mode to wirelessly relay information between the credential devices and the secure elements 322 of SIG308. The reader device may not provide analysis of the relayed information and may not recognize the logical need for communication between SIG308 and the credential device. One of the secure elements 322 may be assigned to each authentication session. The connection between the reader device and the SIG backend can be either direct (e.g., LAN) or indirect (e.g., gateway / controller).
[0012] Furthermore, SIG308 includes a Trusted Platform Module (TPM) 324. The TPM 324 is a type of secure hardware element that may be used in system-on-a-chip (SoC) devices. Including a TPM in SIG308 complements the secure element 322 by enabling secure bootstrapping of SIG308 and providing secure primitives to applications running on SIG308. SIG308 also includes processing circuitry 326 and memory storage. SIG308 may include servers that are remote from the access portal it controls. SIG308 may include an additional physical layer 328 for communicating upstream with devices in the system backend.
[0013] Figure 4 is a block diagram showing an example of the software architecture of SIG408. SIG408 includes processing circuits (e.g., one or more processors) that execute instructions included in the software to perform the functions described. The processing circuits and software of SIG408 implement an authentication engine 430 as a central source for making authentication decisions. Changing the authentication logic of the authentication engine 430 changes the access policy of all physical access portals. Security services 432 provide load balancing for authentication sessions performed by secure elements 422. Security services 432 can cause secure elements to open and manage secure channels with access credential devices. SIG408 includes sensor access services 434 for processing information coming from authentication sensors 414 (e.g., sensor data). For example, authentication sensors 414 may include a camera that provides a video stream for authentication (e.g., by facial recognition). Sensor access services 434 process the sensor information, and SIG408 may include an authentication application 436 or “app” for performing authentication using the information provided by the sensors.
[0014] For physical access applications, the authentication engine 430 needs to authenticate a person. This requires a different method than the one used by electronic devices to authenticate other electronic devices. Personal authentication methods can be broadly divided into four categories: "Who are you?" authentication, which can be determined by face, fingerprint, or other biometric authentication; "What do you have?" authentication, which can be determined by a credential device; "What do you know?" authentication, which can be determined by a password or PIN; and "Where are you?" authentication, which can be determined by proof of existence and proof of intent to access.
[0015] As previously stated herein, for seamless PAC, authentication should not require cumbersome user intervention. Sensors and credential devices may be used to seamlessly authenticate users accessing the system. Sensors may be used for short-range detection and authentication (e.g., 3 meters or less) using biometric authentication such as facial recognition and gait analysis. Credential devices such as smartphones or smart cards may be used for detection and authentication over longer ranges (e.g., up to approximately 15 meters).
[0016] In long-range authentication using a smartphone as a credential device, it is undesirable for the smartphone to constantly and actively search for an authentication session. This can unnecessarily drain the smartphone's battery. When the battery is depleted, the smartphone may not be able to provide seamless access due to low battery level, or the user may turn off the smartphone or disable seamless access. A better approach is to trigger authentication when the smartphone (and person) is near controlled access. Various approaches are available to trigger authentication.
[0017] Figure 5 shows an example of a PAC system that authenticates access using a smartphone. In this example, the access control portal is a revolving gate 540. The smartphone 542 emits a low-energy level beacon signal in low-energy broadcast mode. For example, if the smartphone is configured as a Bluetooth® peripheral, the smartphone 542 may support background Bluetooth® Low Energy (BLE) advertising. BLE is just one example, and other long-range or short-range wireless protocols may be used. The term beacon is intended to include all radio signals that can potentially perform the functions of a beacon as described herein.
[0018] The beacon signal is detected using a beacon reader device 544 or a beacon detector in the PAC system. The beacon reader device 544 sends a notification of beacon detection to the seamless access authentication device 508 (e.g., a SIG device or backend server). The beacon reader device 544 may send a message indicating beacon detection via the cloud 510 (e.g., using a cloud-based messaging service). The term “cloud” is used herein to refer to a hardware abstraction. Instead of a single dedicated server to process the message or routing message, the message may be sent to a file data center or processing center. The actual servers used for processing and routing may be interchangeable within the data center or processing center. In another example, the notification of detected beacon signals may be sent to the authentication device 508 using the PAC system’s WiFi® network instead of the cloud. In a variation, for example, if the WiFi® network and the cloud are unavailable, the notification of detected beacon signals may be sent to the authentication device 508 using another network system (e.g., an IoT mesh network).
[0019] In response to a beacon notification, the authentication device 508 triggers the sending of a cloud-based message to the smartphone 542. The cloud-based message is received by the smartphone, which may launch an application on the smartphone 542. The cloud-based messaging must reliably wake up or enable the smartphone 542 from a low-power mode (e.g., sleep mode) to an active mode. "Reliably" means that the exchange or transfer of information takes place regardless of the state of the smartphone's applications (e.g., sleep mode, deep sleep mode, background or foreground application).
[0020] When one or more apps on the smartphone are woken up or activated, authentication-related information may be exchanged with the authentication device 508. The authentication device 508 can initiate a secure session with the smartphone 542 for the transfer of authentication information. Secure communication can be established between the smartphone 542 and the secure element of the authentication device 508. The secure communication may be via the cloud 510. The secure element can share a temporary session key with the smartphone 542 (e.g., using a security token service or STS seed). The secure communication obtains access credential information from the smartphone 542. After successful authentication of the access credential information, the authentication device 508 can send information to the access controller 548 (e.g., via Ethernet® or another LAN) to grant access, or the authentication device 508 can deny access.
[0021] In some examples, the authentication device 508 is a reader device that includes an authentication function. The secure communication channel may be a BLE communication channel, a WiFi® channel, or another radio frequency (RF) communication channel established between the reader device and the smartphone 542, and the reader device includes authentication logic for authenticating access credentials. The reader device communicates with the access controller 548 to permit or deny access. In a variation, the reader device is a reader / control device and does not need to transmit a communication to permit or deny access. Instead, the reader / control device itself directly permits or denies access according to the authentication operation.
[0022] FIG. 6 is a diagram illustrating an example of a PAC system that authenticates access using a smartphone 642. Also in this example, the access control portal is a rotary ticket gate 640. However, the smartphone 642 does not broadcast a beacon for detection by a beacon reader. Instead, the smartphone 642 is enabled in a read mode or a scan mode to search for a beacon signal from a beacon transmission device 650 disposed near the controlled access portal. For example, if the smartphone is configured as a Bluetooth® central device, the smartphone 642 may support background Bluetooth® scanning. The application of the smartphone 642 may be activated or woken up when a specific data pattern is detected within a specific timing window.
[0023] When a beacon from beacon transmission device 650 is detected by smartphone 642, smartphone 642 transmits a communication to authentication device 608 to initiate an authentication session. The communication can be transmitted to authentication device 608 via cloud 646. When the communication from smartphone 642 is received, authentication device 608 can initiate a secure session with smartphone 642 to exchange authentication information with smartphone 642. To obtain access credentials, a secure communication can be established between smartphone 642 and the secure elements of authentication device 608 via cloud 646. After the authentication of the access credentials is successful, authentication device 608 can transmit information to access controller 648 to permit access, or authentication device 608 can deny access. Authentication device 608 can be configured to communicate with either a smartphone in read mode or a smartphone in broadcast mode, and as a result, one authentication device 608 can provide services to multiple controlled access portals that can use any type of communication technology.
[0024] Authentication device 608 can be a reader device that includes an authentication function. The reader device can open a secure communication channel with smartphone 642 and obtain access credentials in response to the communication from smartphone 642. The reader device authenticates the access credentials and communicates with access controller 648 to permit or deny access. Alternatively, the reader device can be a reader / control device that directly permits or denies access according to the authentication operation.
[0025] As previously stated herein, sensors may be used for closer-range detection and authentication. Examples of sensors are cameras 552 and 652 shown in the example PAC system in Figures 5 and 6. Sensor data may be transferred to an authentication device using FE and SIG devices, as in the example in Figure 2, or the authentication device may be a reader device positioned near the sensor to receive the sensor data directly.
[0026] The sensor provides sensor data (e.g., video image data or a video stream of video data) used to determine one or more biometric identities for authenticating a person attempting to gain access through the portal. In some examples, the authentication device that grants or denies access to an individual is a SIG located remotely from the access portal, and the sensor data is provided to the SIG's sensor access service. The authentication engine of the authentication device authenticates the individual using the biometric identifier. In some examples, the authentication device is a reader device located near the physical access portal, and the reader device authenticates one or more biometric identifiers of the individual.
[0027] Biometric identifiers may include facial recognition from video data generated by sensor devices. Data acquired from sensors can be compared to a biometric database. The database may be stored in the memory of a server in the system backend. The biometric database may include multiple angles and poses of individuals who may be permitted access via a physical access portal. The angles and poses may be from images of the person (e.g., photographs) taken while the person is registered as an employee. Multiple angles and poses are useful for matching biometrics even if the person approaches the sensor from different angles. The angle or pose of a person in the sensor data can be matched with the angle or pose of the stored biometrics. The authentication engine may run AI algorithms (e.g., neural network algorithms) to implement facial recognition.
[0028] Anti-spoofing measures can be applied to enhance facial recognition biometric authentication. For example, a person's height can be estimated using video data. When a person approaches a sensor, the authentication engine can measure the distance between the person's eyes and estimate the distance from the sensor. The height of the approaching person can be estimated based on the distance from the top of their head, the distance between their eyes, and the distance from the sensor. As biometric authentication added to facial recognition, the authentication engine can compare the estimated height to the person's recorded height. Access via a physical portal may be granted based on a combination of the results of the biometric analysis.
[0029] In another example, video data can be used to analyze a person's gait as biometric authentication to improve facial recognition. The authentication engine can perform a gait analysis to determine whether a person's gait biometric authentication matches the recorded gait of a person identified by facial recognition. In yet another example, the authentication engine can analyze shadows contained in a video stream. The authentication operation may include analyzing the video stream to detect shadows that do not move relative to facial features. If the shadows do not move as expected, it may indicate that a photograph or other still image may be being used to impersonate a seamless access device. Background images may be used in a similar manner. The authentication operation may include analyzing the background of the video stream to determine whether the background moves appropriately in line with changes in the position of the face. In yet another example, the clothing of a person in an image can be compared to that person's everyday habits to determine whether the person's current appearance matches their usual appearance.
[0030] Enhanced biometric authentication may be used only when facial recognition does not yield sufficient results. For example, facial recognition may include a correlation metric that indicates how well a face in video data matches stored facial recognition data. The correlation metric must meet a correlation threshold, or alternatively, additional biometric authentication may be used. Other non-biometric information may also be used. For example, an authentication device may check the work schedule of a provisionally identified person to confirm that the identified person is requesting physical access.
[0031] In another example, a person's "electromagnetic signature" can be analyzed on a daily basis. Electromagnetic signals, such as BLE or WiFi® signals, emitted from devices a person commonly carries (e.g., mobile devices, phones, tablets, laptops, smartwatches, etc.) can be monitored on a daily basis. This electromagnetic signature can be altered if the person carries more or different devices than usual. This change may indicate that the person is not authentic.
[0032] If the confidence level of the analysis is still low, the seamless access device may require some action from the user to complete authentication, such as entering a password on a keypad or using a smartphone. The results of the facial recognition analysis and verification using secondary analysis can be used to machine-learn AI algorithms to improve facial recognition.
[0033] According to several examples, authentication involving sensor data and badge or smartphone credential authentication can be combined to perform two-factor authentication. For example, an authentication device can first authenticate an individual who is located away from a physical access portal based on credential information transmitted from the individual's smartphone. If the person is within range, a shorter-range sensor-based authentication (e.g., facial recognition) can then be performed. This approach provides an authentication technique that matches access credentials with an individual's biometric authentication. Detection of the presence of a credential device (e.g., via beacon signaling) can trigger authentication using sensors. In another example, authentication using sensor data is performed first, followed by authentication using a badge or smartphone. This allows access credentials to be used to verify the biometric authentication result if the authentication result is insufficient.
[0034] As previously stated herein, seamless access is access that is permitted without requiring any cumbersome user action to indicate intent for access (e.g., presenting a card, entering a password, etc.) while maintaining the same level of security. The processing circuitry of the authentication device may include an intent detection engine. The intent detection engine uses sensor data to determine that a person is about to pass through a physical access portal. The authentication device, including the intent detection engine, may be located away from the physical access portal (e.g., a SIG device), and the sensor data may be transmitted from a front-end device to the authentication device, or the authentication device may be located near the physical access portal (e.g., a reader device).
[0035] In some examples, a physical access portal includes multiple access points, such as secure double doors. An intent detection engine determines which door a person is trying to enter and opens only that door, leaving the other door closed. For example, a camera may be placed at each door. The intent detection engine can use video image data from each door and compare the person's movement in the two images to determine which door the person is trying to enter. The intent detection engine calculates an intent score for each door and can open the door with the highest resulting score. In another example, one or more magnetometer or accelerometer sensors can be placed near each door to detect which door a person is trying to enter based on the signals from the sensors. In yet another example, the sensor is placed on a person's smartphone, and the intent detection engine detects the smartphone's movement to infer the person's intent.
[0036] Security issues can arise associated with seamless access control. For example, in a seamless physical access system that opens a door when an authorized user is within two meters, if another person (whether authorized or not) is directly behind the authorized user or "tailgating," multiple people could enter, not just the authorized user.
[0037] Sensor data can be used to detect tailgating. If two people are passing through a physical access portal in close proximity to each other, an authentication device can authenticate both people using facial recognition. If both people pass authentication, the authentication device does nothing. If a subsequent person fails authentication, the authentication device can send an alert to the first person (e.g., their smartphone) or send an alert or alarm to a security entity. In another example, a user may carry a beacon-emitting badge, and the authentication device can detect the number of people attempting to enter from the beacon signal emitted by the badge. Tailgating detection can occur retrospectively by detecting the number of people in a secure space and comparing that number to the number recorded as entering. For example, the number of people in a space can be determined using video data sent to the authentication device from one or more cameras.
[0038] Figure 7 is a flowchart of a method 700 for operating a seamless PAC system. In 705, access credential information from a credential device is received by an authentication device of the PAC system. The credential information may be a data object that provides proof of the identity of the user of the credential device for access through a physical portal controlled by the PAC system. The credential information is received by the authentication device via a radio access network using a cloud-based messaging service. In some examples, the authentication device sends an activation message to the credential device using the cloud-based messaging service in response to the detection of a beacon signal from the credential device. The beacon may be detected using a beacon reader device of the PAC system. In some examples, the credential device transmits credential information in response to the detection of a beacon signal transmitted by the PAC system. The beacon signal may be transmitted by a beacon transmitting device of the PAC system.
[0039] In 710, access credentials are authenticated using an authentication device. The credentials can be compared with an authentication database stored by the authentication device, and the user is granted access if the credentials match the data of an authorized user. In 715, access is granted if the credentials indicate that the user of the credentials device is authorized to access; otherwise, access is denied.
[0040] In some examples, authentication devices use biometric information to authenticate users. Sensor devices located near the physical access portal collect sensor data from users. This sensor data is compared to the biometric data of authorized users. If the sensor data and credential data indicate that the user is an authorized user, access is granted.
[0041] Figure 8 is a schematic block diagram of various exemplary components of an authentication device to support the device architecture described and illustrated herein. Device 800 in Figure 8 may be, for example, an authentication device that analyzes evidence of the authority, status, rights, and / or privileges of the holder of an authentication device. At a basic level, a credential device may be a portable device having a memory that stores one or more user credentials or credential data, and an interface (e.g., one or more antennas and integrated circuit (IC) chips). The interface allows the credential device to exchange data with another device, such as an authentication device. An example of a credential device is an RFID smart card on which data is stored, allowing the holder of the credential device to access a secure area or asset protected by a reader device. Another example of a credential device is a smartphone on which data is stored in memory.
[0042] Referring particularly to Figure 8, examples of authorization or authentication devices 800 for supporting the device architecture described and illustrated herein generally include one or more of the following: memory 802, processor 804, one or more antennas 806, communication module 808, network interface device 810, user interface 812, and power supply 814, i.e., power supply.
[0043] Memory 802 may be used in connection with the execution of application programs or instructions by the processor 804, and may also be used to temporarily or long-term store program instructions or instruction sets 816, authorization data 818 such as credential data, credential authentication data, or access control data or instructions, and any data, data structures, and / or computer-executable instructions necessary or desired to support the above-described device architecture. For example, memory 802 may include executable instructions 816 used by the processor 804 to execute other components of device 800 and to make access decisions based on credential information or authorization data 818, and / or to perform any of the functions or operations described herein, such as in the method shown in Figure 7. Memory 802 may include computer-readable media, which may be any medium that can contain, store, communicate, or transfer data, program code, or instructions used by or in connection with device 800. Computer-readable media may be, for example, but not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices. More specific examples of suitable computer-readable media include, but are not limited to, electrical connections with one or more wires, or tangible storage media such as portable computer diskettes, hard disks, random access memory (RAM), dedicated memory (ROM), erasable programmable read-only memory (EPROM or flash memory), dynamic RAM (DRAM), any solid-state storage device, generally compact disk read-only memory (CD-ROM), or other optical or magnetic storage devices. Computer-readable media includes, but should not be confused with, computer-readable storage media intended to cover all physical, non-temporary, or similar embodiments of computer-readable media.
[0044] The processor 804 can correspond to one or more computer processing devices or resources. For example, the processor 804 may be provided as silicon such as a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), any other type of integrated circuit (IC) chip, or an array of IC chips. More specifically, the processor 804 may be provided as a microprocessor, a central processing unit (CPU), or multiple microprocessors or CPUs configured to execute instruction sets stored in internal memory 820 and / or memory 802.
[0045] Antenna 806 can accommodate one or more antennas and may be configured to provide wireless communication between device 800 and another device. Antenna 806 may be configured to operate using one or more wireless communication protocols and operating frequencies, including, but not limited to, IEEE 802.15.1, Bluetooth®, Bluetooth Low Energy (BLE), near field communications (NFC), ZigBee®, GSM, CDMA, Wi-Fi®, RF, UWB, etc. For example, antenna 806 may include one or more antennas configured to operate using UWB for in-band activity / communication and Bluetooth® (e.g., BLE) for out-of-band (OOB) activity / communication. However, RFID or personal area network (PAN) technologies such as IEEE 802.15.1, Near Field Communication (NFC), ZigBee®, GSM, CDMA, and Wi-Fi® may be used as alternatives or additional methods for the OOB activities / communications described herein.
[0046] Device 800 may further include a communication module 808 and / or a network interface device 810. The communication module 808 may be configured to communicate with one or more different systems or devices, remote or local to device 800, according to any suitable communication protocol. The network interface device 810 includes hardware that facilitates communication with other devices over a communication network utilizing one of a number of transport protocols (e.g., Frame Relay, Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), etc.). Examples of communication networks include, in particular, local area networks (LANs), wide area networks (WANs), packet data networks (such as the Internet), mobile phone networks (e.g., cellular networks), analog voice call (POTS) networks, wireless data networks (e.g., the IEEE 802.11 family of standards known as Wi-Fi®, or the IEEE 802.16 family of standards known as WiMAX®), the IEEE 802.15.4 family of standards, and peer-to-peer (P2P) networks. In some examples, the network interface device 810 may include Ethernet® ports or other physical jacks, Wi-Fi® cards, network interface cards (NICs), cellular interfaces (e.g., antennas, filters, and associated circuitry), etc.In some examples, the network interface device 810 may include an antenna that communicates wirelessly using at least one of the single-input multiple-output (SIMO), multiple-input multiple-output (MIMO), and multiple-input single-output (MISO) technical techniques. In some exemplary embodiments, the antenna 806, the communication module 808, and / or one or more of the network interface device 810 and their subcomponents may be integrated as a single module or device so that they can function or operate as if they were a single module or device, or they may have elements shared among them.
[0047] The user interface 812 may include one or more input devices and / or display devices. Suitable user input devices that may be included in the user interface 812 include, but are not limited to, one or more buttons, a keyboard, a mouse, a touch-sensitive surface, a stylus, a camera, a microphone, etc. Suitable user output devices that may be included in the user interface 812 include, but are not limited to, one or more LEDs, an LCD panel, a display screen, a touch screen, one or more lights, a speaker, etc. It should also be understood that the user interface 812 may include combined user input and user output devices, such as a touch display. The alarm circuit 826 may provide an audio signal to a speaker, activate a light, or use a display device to indicate an alarm state.
[0048] The power supply 814 may be any suitable internal power supply for the components of device 800, such as a battery, capacitive power supply, or similar type of energy storage device, and / or may include one or more power conversion circuits suitable for converting external power into suitable power (e.g., converting externally supplied AC power to DC power).
[0049] Furthermore, device 800 may include one or more interconnects or buses 822 capable of transmitting communications between various hardware components of the device. The system bus 822 may be one of several commercially available bus structures or bus architectures.
[0050] Additional disclosures and examples Example 1 includes a subject (such as a physical access control (PAC) system) comprising an authentication device, the authentication device comprising a physical layer circuit configured to send and receive radio frequency electrical signals using a radio access network, and a processing circuit. The processing circuit is operably connected to the physical layer circuit and includes an authentication engine configured to receive access credential information via the radio access network using a cloud-based messaging service, authenticate the access credential information using the authentication device, and initiate access to a physical access portal corresponding to the access credential information.
[0051] In Example 2, the subject of Example 1 optionally includes a beacon reader device configured to detect a beacon signal transmitted by a credential device and to send a beacon detection message to the authentication device in response to the detection of the beacon signal. The processing circuit optionally includes to initiate the transmission of an activation message to the credential device using the cloud-based messaging system in response to the beacon detection message and to receive the access credential information from the credential device via the cloud-based messaging service.
[0052] In Example 3, the subject of Example 2 optionally includes a beacon reader device configured to detect Bluetooth® low-energy beacon signals transmitted by a smartphone credential device.
[0053] In Example 4, the subject of one or any combination of Examples 1 to 3 optionally includes a beacon transmitting device configured to transmit a beacon signal detectable by a credential device. The processing circuit optionally receives a request from the credential device to open a communication session and receives the access credential information during the communication session.
[0054] In Example 5, the subject of one or any combination of Examples 1 to 4 optionally includes one or more sensor devices configured to generate sensor data associated with the user of the credential device and to provide the sensor data to the authentication device via a local area network; a memory configured to store biometric information; and an authentication engine configured to authenticate the identity of the user of the credential device by comparing the sensor data with the biometric information.
[0055] In Example 6, the subject of Example 5 optionally includes an intent detection engine configured to use the sensor data to determine the user's physical access intent for the credential device, and an authentication device configured to grant access to the physical access portal according to the access credential information and the determined physical access intent for the user of the credential device.
[0056] In Example 7, the subject of Example 6 optionally includes a controller configured to open a first of several parts of the physical access portal in accordance with the user's physical access intent of the credential device.
[0057] Example 8 includes a subject (such as a method for operating a seamless PAC system), or can be optionally combined with one or any combination of Examples 1 to 7 to include such a subject, and includes: an authentication device of a PAC system receiving access credential information from a credential device over a wireless access network using a cloud-based messaging service; authenticating the access credential information using the authentication device; and allowing or denying access to the physical access portal of the PAC system by the authentication device in accordance with the access credential information.
[0058] In Example 9, the subject of Example 8 is optionally configured such that the authentication device receives a beacon detection message from the beacon reader device of the PAC system, the beacon detection message indicates the detection of a credential device, and in response to the beacon detection message, the authentication device sends an activation message using the cloud-based messaging service to wake up the credential device from low-power mode, and receives the credential information in subsequent cloud-based communication with the credential device.
[0059] In Example 10, the subject of Example 9 optionally includes the beacon reader device detecting a low-energy beacon of a smartphone operating as a Bluetooth® peripheral device, and in response to the detection of the low-energy beacon, the beacon reader device sending a beacon detection message to the authentication device and an activation message to the smartphone.
[0060] In Example 11, the subject of Example 8 optionally includes transmitting a beacon using the beacon transmitting device of the PAC system, the authentication device receiving a request from the credential device to open a communication session via the cloud-based messaging service, and receiving the credential information in subsequent cloud-based messaging using the credential device.
[0061] In Example 12, the subject of Example 11 optionally includes transmitting a Bluetooth® low-energy beacon and receiving a request to open the communication session from a smartphone acting as a Bluetooth® central device.
[0062] In Example 13, the subject matter of one or any combination of Examples 8 to 12 optionally includes the authentication device receiving sensor data from one or more sensors via a LAN, authenticating the user of the credential device to access the physical portal, comparing the sensor data with biometric data, and allowing or denying the authentication device access to the physical portal according to the access credentials and the sensor data.
[0063] In Example 14, the subject of Example 13 optionally includes authentication of the user by an authentication device including a server having memory for storing the biometric information. In Example 15, one or both of the themes of Examples 13 and 14 optionally include controlling access to the physical access portal using a controller at the physical access portal, in accordance with authentication by an authentication device located away from the physical access portal and including an authentication policy.
[0064] In Example 16, the subject of one or any combination of Examples 13 to 15 optionally includes using the sensor data to determine the access intent of the user of the credential device.
[0065] In Example 17, the subject of Example 16 optionally includes opening a first of several parts of the physical access portal using the controller of the PAC system in accordance with the access intent of the user of the determined credential device.
[0066] Example 18 includes a secure Internet of Things gateway device, which may include a subject (such as a PAC system) or, optionally, can be combined with one or any combination of Examples 1 to 17 to include such a subject. The secure Internet of Things gateway device includes a physical layer circuit configured to receive authentication data from a plurality of front-end devices over one or more communication networks, and a processing circuit operably connected to the physical layer circuit. The processing circuit includes an authentication engine configured to process the authentication data to determine access to a plurality of physical access portals according to the authentication data, and to control access to the plurality of physical access portals according to the authentication data.
[0067] In Example 19, the subject of Example 18 optionally includes a plurality of front-end devices, each front-end device configured to communicate information with a secure Internet of Things gateway device via one of one or more communication networks. The secure Internet of Things gateway device optionally includes a memory for storing credential information and a plurality of secure elements, each secure element configured to open a secure communication channel with a credential device via one of the plurality of front-end devices and to receive encrypted credential information from the credential device as authentication data. The authentication engine optionally includes a comparison of the received credential information with the stored credential information to grant or deny access to one or more of the plurality of physical access portals.
[0068] In Example 20, the subject of Example 19 optionally includes a secure element that stores an encryption key, and the secure Internet of Things gateway device is configured to transmit the encryption key to the credential device via a front-end device in order to establish a secure communication channel with the credential device.
[0069] In Example 21, the subject of one or any combination of Examples 18 to 20 optionally includes a front-end device configured to be operably connected to one of one or more communication networks and configured to transmit sensor data to the secure Internet of Things gateway device. The secure Internet of Things gateway device optionally includes a memory for storing biometric information, a sensor access service for receiving the sensor data from one or more front-end devices, and an authentication engine configured to compare the received sensor data with the stored biometric information to permit or deny access to one or more of the multiple physical access portals.
[0070] In Example 22, the subject of Example 21 optionally includes a front-end device configured to transmit video data to the secure Internet of Things gateway device, and the sensor access service is configured to receive the video data from the front-end device. The authentication engine is configured to perform facial recognition using the received video data and the stored biometric information to grant or deny access to one or more of the multiple physical access portals.
[0071] In Example 23, the subject of one or any combination of Examples 18 to 22 optionally includes an intent detection engine configured to determine the user's access intent for a credential device according to sensor data.
[0072] The non-restrictive examples above can be combined in any permutation. In this specification, the terms “one” or “one” are used to include one or more, regardless of other examples or uses such as “at least one” or “one or more,” as is common in patent literature. In this specification, the term “or” is used to refer to non-exclusive elements, such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise specified. In this specification, the terms “including” and “in which” are used as plain English equivalents of the terms “comprising” and “wherein,” respectively. Furthermore, in the following claims, the terms “including” and “equipped” are non-restrictive; that is, a system, device, article, composition, formulation, or process comprising more than those enumerated with such terms in the claims is still considered within the scope of the claims. Furthermore, in the following claims, terms such as “first,” “second,” and “third” are used merely as labels and are not intended to impose numerical requirements on their objects.
[0073] The above description is illustrative and not limiting. For example, the above examples (or one or more embodiments thereof) may be used in combination with each other. By considering the above description, other embodiments may be used by those skilled in the art. The abstract is provided so that readers may quickly confirm the nature of the technical disclosure. It is submitted with the understanding that it is not to be used to interpret or limit the scope or meaning of the claims. In the above detailed description, various features may be grouped together to streamline the disclosure. This should not be interpreted as meaning that any disclosed features not described in the claims are essential to any claim. Rather, the subject matter may consist of fewer features than all the features of a particular disclosed embodiment. Accordingly, the following claims are incorporated into the detailed description, and each claim is valid in itself as a separate embodiment, and such embodiments may be combined with each other in various combinations or permutations. The scope should be determined with reference to the appended claims, together with the entire scope of equivalents to which such claims are granted.
Claims
1. A physical access control system (PACS) comprising an authentication device for controlling access to a plurality of physical access portals of the physical access control system, wherein the authentication device is located away from the plurality of physical access portals, and the authentication device is A physical layer circuit configured to communicate with a plurality of front-end devices via one or more communication networks, wherein each of the plurality of front-end devices is associated with a corresponding physical access portal among the plurality of physical access portals and is located locally at the corresponding physical access portal, Multiple secure elements, each of which is together with the authentication engine of the authentication device, Establishing one or more authentication sessions to securely communicate with one or more credential devices via the physical layer circuit and at least one of the plurality of front-end devices, Receiving credential information from one or more credential devices, Processing the credential information in order to determine access permissions for one or more of the aforementioned access portals to the aforementioned one or more credential devices. Multiple secure elements configured to perform the following actions, A processing circuit operably connected to the plurality of secure elements, configured to balance the establishment of the authentication session across the plurality of secure elements and to transmit information that grants access to one or more of the plurality of access portals in accordance with the access permission; A physical access control system equipped with the following features.
2. The physical access control system according to claim 1, further comprising the plurality of front-end devices.
3. The physical access control system according to claim 2, wherein at least one of the plurality of front-end devices is a reader configured to wirelessly receive credential information from a credential device and relay the credential information to the authentication device.
4. The physical access control system according to claim 3, wherein the reader does not analyze the credential information.
5. The physical access control system according to any one of claims 1 to 4, wherein the one or more communication networks include a wired communication network.
6. The physical access control system according to any one of claims 1 to 4, wherein the one or more communication networks include a wireless communication network.
7. The physical access control system according to any one of claims 1 to 4, wherein each of the plurality of secure elements includes a hardware security module (HSM).
8. The physical access control system according to any one of claims 1 to 4, wherein the authentication engine includes authentication logic for determining the access permission to one or more credential devices, and when the authentication logic is updated, the access policy for all of the plurality of physical access portals is updated.
9. A method for controlling access in a physical access control system (PACS), wherein the physical access control system includes an authentication device for controlling access to a plurality of physical access portals of the physical access control system, the authentication device is located away from the plurality of physical access portals and comprises a plurality of secure elements, and the method is The method involves using multiple secure elements to establish an authentication session with multiple credential devices via multiple front-end devices, wherein each of the multiple front-end devices is associated with a corresponding physical access portal among the multiple physical access portals and is located locally within that corresponding physical access portal. The aforementioned multiple secure elements receive credential information from the aforementioned multiple credential devices, Processing the credential information in order to determine access permissions for the credential device to one or more of the aforementioned access portals, Sending information that grants access to one or more of the aforementioned access portals in accordance with the aforementioned access permissions, To balance the establishment of the authentication session across the aforementioned multiple secure elements and A method that includes this.
10. An authentication device for controlling access to a physical access portal of a physical access control system (PACS), wherein the authentication device is located away from the physical access portal, and the authentication device is Receiving a message indicating that the access credentials are located locally to the physical access portal, Using a cloud-based network to establish a secure session with the aforementioned access credentials, Receiving access credential information from the access credentials via the aforementioned cloud-based network, Authenticating the access credential information received from the aforementioned access credential, Sending information to the controller instructing it to allow the user of the access credentials to access the controller via the physical access portal. An authentication device configured to perform the following actions.
11. The authentication device according to claim 10 is configured to receive the message indicating that the access credentials are at the location local to the physical access portal from a beacon reader device local to the physical access portal.
12. The authentication device according to claim 11 is configured to use the cloud-based network to receive the message from the beacon reader device indicating that the access credentials are at the location local to the physical access portal.
13. The authentication device according to any one of claims 10 to 12 is configured to send an activation message to the access credentials in response to receiving the message indicating that the access credentials are at the location local to the physical access portal, the activation message is configured to wake up the access credentials from low power mode.
14. The authentication device according to claim 13, wherein the activation message is further configured to activate an application on the access credentials.
15. The authentication device according to claim 10 is configured to receive from the access credentials a message indicating that the access credentials are at the location local to the physical access portal.
16. The authentication device according to claim 15, wherein the message received from the access credentials is provided in response to the access credentials detecting a beacon signal from a beacon transmitting device located at the local location to the physical access portal.
17. The authentication device according to claim 15 or 16 is configured to use the cloud-based network to receive from the access credentials the message indicating that the access credentials are at the location local to the physical access portal.
18. The authentication device according to any one of claims 10 to 12, 15, and 16 is configured to open the secure session using the access credentials in response to receiving the message indicating that the access credentials are in the local location relative to the physical access portal.
19. A method for controlling access to a physical access portal in a physical access control system (PACS), An authentication device located away from the physical access portal receives a message indicating that the access credentials are located locally relative to the physical access portal. Using a cloud-based network, a secure session is established between the authentication device and the access credentials. The authentication device receives access credential information from the access credentials via the aforementioned cloud-based network, The authentication device authenticates the access credential information received from the access credential, The authentication device transmits information to the controller instructing it to allow access by the user of the access credentials through the physical access portal. A method that includes this.
20. The method according to claim 19, wherein the message indicating that the access credentials are at the location local to the physical access portal is received from a beacon reader device that is local to the physical access portal.
21. The method according to claim 20 further comprises the authentication device sending an activation message to the access credentials in response to receiving the message indicating that the access credentials are at the location local to the physical access portal, wherein the activation message is configured to wake up the access credentials from low power mode.
22. The message indicating that the access credentials are at the location local to the physical access portal is sent in response to the access credentials detecting a beacon signal from a beacon transmitting device at the location local to the physical access portal.