EP1702306B1 - Access control system and method for operating said system - Google Patents
- Publication number
- EP1702306B1, EP04820940A
- Authority
- EP
- European Patent Office
- Prior art keywords
- access control
- access
- mobile telephone
- transmitter
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C1/00—Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
- G07C1/10—Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00896—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
Definitions
- The present invention relates to an access control system and a method for its operation.
- The access control system is based on a standard access control system, via which a plurality of access points can be controlled via individual physical locking mechanisms, wherein at each access point at least one reader and an associated controller for controlling the closing mechanism are provided.
- At least one access control server is present, which performs a central administration of the access data and which is in communication with the respective controllers, as well as at least one mobile telephony server in connection with the access control server, which is at least indirectly capable of sending data via a mobile phone network to mobile subscribers or receiving data from them.
- Access control systems are essentially electronically controlled, centralized systems that monitor, control and manage the accessibility of a large number of access points (passages).
- Modern access control systems are often based on contactless technology, i.e. the access point is no longer operated with a physical key but with electronically readable media, which are activated and read by corresponding readers provided at the access points.
- These electronically readable media are typically known under the term RFID (Radio Frequency Identification), and advanced technologies of this kind have long been in successful and reliable use, for example by the applicant under the trade name LEGIC®.
- This technology is particularly suitable for permanent employees, who can be equipped with such an electronic medium, which then allows access control and possibly also time recording or other applications.
- An access control system comprises several access control devices, in each of which an access code is stored. Specific access codes and access rights for a plurality of access control devices are transmitted from an access control center via a mobile radio network to the mobile communication terminal, for example a mobile telephone of a user. From an access control device to be passed, an access control device identification is transmitted to the mobile communication terminal. In the mobile communication terminal, the access code and the access rights for the access control device to be passed are determined on the basis of the received identification and transmitted to the access control device.
- The access checking device enables access for the user if the received access rights are sufficient and the received access code matches the stored access code.
- A similar access control system is known in which a mobile telephone or a PDA can also be used as the terminal.
- The use of wireless Bluetooth technology is proposed as a means of communication between the mobile phone and the access control device and a central office. Again, the communication between the terminal and the local transmitter at the access control device is used to authenticate and to initiate the opening of the access.
- The invention is therefore based on the object of proposing an access control system that is improved in this context, and a method for its operation.
- A short-range transmitter is provided at a specified location. It is formed as an independent unit without a direct connection to the standard access control system, and it sends out access-point-specific identification information such that this information is received only by a mobile phone located near the transmitter and is used by that phone at least indirectly to control access at a specific assigned access point.
- The core of the invention thus consists, on the one hand, in allowing only those mobile phones to open the access point that are actually in the immediate vicinity of this transmitter and thus in the immediate vicinity of a specified location. Otherwise, it would be possible to initiate a corresponding procedure with a mobile phone without being physically present at the specified location. This is a security hole. In the present case, this is prevented because an opening request can be placed by the mobile phone only when it receives the identification information of the transmitter via a corresponding interface.
- The specified location may be the immediate vicinity of the assigned access point, in which case the transmitter is preferably positioned so that the mobile phone can receive it only when located immediately in front of the access point.
- A transmitter may be placed in a surveillance room or other work space so that personnel, when in that room, can open one or more access points via a mobile telephone.
- Receiving the identification information of the transmitter also brings an additional simplification and an increase in security in other respects. Without a corresponding local identifier, the user of the mobile phone, unless authorized for only a single access point, would have to enter an identifier of the specific access point on the mobile telephone at the relevant moment. This process is tedious on the one hand and, on the other, error-prone as well as open to manipulation.
- As for using the cell information of the mobile phone in question for such a localization, it turns out in practice that, on the one hand, the cell information is usually not accurate enough for individual access points (different passages in the same cell), and that, on the other, the cell used by a specific user may differ depending on the mobile phone operator and would also have to be updated in the access control system whenever cells change.
- Another significant advantage of the proposed method is that the mobile phone itself is not actually used as a so-called "trusted device"; rather, only the phone number associated with the mobile phone, as received by the access control server or the associated mobile telephony server, is used for authentication, if necessary in combination with a PIN code. In other words, no specific data is stored on the mobile phone, and it may be possible to use another mobile phone for the same access authorizations, for example, as long as the same SIM card is used.
- The term mobile telephone basically means devices which, on the one hand, are able to exchange data with the access control system via a mobile telephone network, for example the GSM network, and which, on the other hand, are capable of receiving the signals transmitted by the transmitter, i.e. which have an appropriate interface. It does not necessarily have to be a mobile phone in the traditional sense; it can also be a PDA (Personal Digital Assistant) or another computer, as long as it has the above-mentioned possibilities of communication with the transmitter or the access control system.
- The transmitter is a Bluetooth device, particularly preferably with a range of less than 10 meters.
- Modern mobile phones usually have Bluetooth interfaces, so designing the respective transmitter at the access point as a Bluetooth device proves particularly simple, since no additional user-side hardware is required.
- The Bluetooth standard automatically performs constant polling and continuous reception of the 48-bit addresses specifically assigned to each device. If such a mobile phone comes within range of another Bluetooth device, the two automatically exchange each other's ID (48-bit address). This fact is exploited according to the invention for "localization".
- A Bluetooth device is arranged. The ID of this device is assigned in the system to the reader or the access point.
- The identification information is preferably a hardware-specific, unambiguous address of the transmitter, particularly preferably a device-specific 48-bit address of a Bluetooth device.
- WLAN (wireless local area network, Wi-Fi; the IEEE 802.11 standard)
- Devices operating on the 802.11b variant transmit data via radio waves in the license-free ISM band at 2.4 GHz with a gross transmission rate of up to 11 Mbps.
- A Bluetooth/WLAN transmitter is assigned to the passage. It may be at physically the same location as the reader, or at a different one (e.g. truck access or interstitial space). This also eliminates the need to enter the pass number: it is known automatically via the Bluetooth ID or Wi-Fi ID, and when the Bluetooth/WLAN device is installed at the access point, the corresponding correlation between Bluetooth/WLAN ID and access point needs to be specified in the system only once. This ID is then sent to the access control server, if necessary together with a PIN or another authentication.
- The transmitter can be designed as an independent unit, also equipped with its own power supply, since to a certain extent it serves only to generate the localization information on the mobile telephone.
- The transmitter, as mentioned preferably a Bluetooth or WLAN device, thus has no direct connection with the standard access control system and/or, preferably, the mobile telephony server.
- The transmission of an ID can be done on a very short time scale of less than a few seconds, whereas building an effective Bluetooth connection typically takes about 10 seconds. In practice this is usually too long.
- Only a very specific aspect of Bluetooth technology is used, which to a certain extent exploits its advantages for access control without having to accept disadvantages such as slow connection setup.
- The access control system is an access control system that mainly manages access control using standard technology.
- The standard access control system thus allows, for example, access control by means that do not involve mobile telephony, in particular mainly on the basis of RFID technology.
- It may be advantageous to design the transmitter such that it additionally has a connection to the controller, so that in the event of a failure of the connection between the controller and the access control server, user-specific identification information is transmitted from the mobile phone to the transmitter and can be passed on by it to the controller for controlling the closing mechanism. In other words, while during normal operation the transmitter acts exclusively as a transmitter, so that information is transmitted only from the transmitter to the mobile phone, the reverse route can also be enabled in emergency situations, i.e. it is possible to transfer information from the mobile phone to the transmitter, which then acts as a receiver.
- The present invention relates to a method for access control, particularly preferably using an access control system as described above.
- A standard access control system is provided, via which a plurality of access points can be controlled via individual physical locking mechanisms, wherein at each access point preferably at least one reader and an associated controller for controlling the closing mechanism are provided.
- At least one access control server is present, which performs a central administration of the access data and which is in communication with the respective controllers.
- At least one mobile telephony server is present in connection with the access control server, which is at least indirectly able to send data via a mobile telephone network to mobile telephone subscribers or to receive data from them, whereby this mobile telephony server is also an integral part of the access control server.
- A short-range transmitter is placed at at least one access point or, more generally, at a specific location.
- The procedure is now such that a mobile telephone is authorized, via the access control server or via the mobile telephony server over the mobile telephone network, to access certain access points in a certain period of time.
- This process can be triggered by appropriate personnel.
- The transmitter at the corresponding access point, or more generally at the specific location, transmits access-point-specific identification information continuously or at intervals such that it can be received only by a mobile telephone located in the immediate vicinity of the access point (if the transmitter is located in its vicinity) or of the transmitter (control of the physical presence at the access point or at the transmitter).
- A mobile phone located near the transmitter now detects the identifier of this access point from this identification information and then automatically, via mobile phone, mobile phone network, mobile telephony server, access control server and controller, causes the corresponding access point to open, making direct or indirect use of this identification information.
- The mobile phone preferably transmits the data via the mobile phone network, either as a telephone transmission or as an e-mail or SMS (Short Message Service, a CEPT standard for short text messages of up to 160 alphanumeric characters sent to mobile phones in the GSM network and displayed on the mobile phone's display).
- After the identification information has been acquired, the mobile telephone additionally requires the input of an authentication such as, in particular, a PIN code, password or biometric information, and this user-specific information is then passed, together with the identifier of the access point, via the mobile telephone network to the mobile telephony server and the access control server. Then, with the appropriate authorization, the associated controller is activated or the closing mechanism is triggered.
- The transmitter is preferably a Bluetooth or a WLAN device, which transmits its unique 48-bit address as identification information. This 48-bit address is used to identify the corresponding access point.
- The mobile phone has a Bluetooth interface, whereby the mobile phone automatically enters into an appropriate dialogue with the mobile phone user upon receiving specific authorized 48-bit addresses, i.e. addresses that correspond to authorized access points. If necessary, an authentication of the user is subsequently requested (e.g. PIN code). In any case, an opening request for the specific access point is then transmitted via the mobile telephone network to the mobile telephony server or the access control server. After the authorization has been checked, the access control server then triggers the controller, if the authorization has been granted.
- Security can be further improved if, according to a further preferred embodiment of the inventive method, the Bluetooth or WLAN device is arranged in the area of the access point such that reception of the identification information by a mobile phone is possible only at a distance of less than 1 m, preferably less than 0.5 m, outside and in front of the access point.
- The time recording system has a standard time recording system, which comprises at least one time recording server that performs a central administration of the time data; it also has at least one mobile telephony server in connection with the time recording server, which is at least indirectly able to send data via a mobile telephone network to mobile subscribers and to receive data from them, whereby this mobile telephony server can also be an integral part of the time recording server.
- The time recording system is characterized in that at least one authorized area has a short-range transmitter which transmits area-specific identification information in such a way that it is received only by a mobile telephone located in the immediate vicinity of the authorized area and is used by it at least indirectly to manipulate time data.
- The method comprises a standard time recording system with at least one time recording server, which performs a central administration of the time data. Furthermore, at least one mobile telephony server is present in connection with the time recording server, which is at least indirectly able to send data via a mobile telephone network to mobile telephone subscribers and to receive data from them, whereby this mobile telephony server can also be an integral part of the time recording server. In addition, at least one authorized area has a short-range transmitter.
- The method is characterized in particular in that a mobile telephone is authorized, via the time recording server or via the mobile telephony server over the mobile telephone network, to enter time data in certain authorized areas in at least one specific time period; that the transmitter transmits area-specific identification information such that it can be received only by a mobile telephone located in the immediate vicinity of the authorized area; that a mobile telephone located in the immediate vicinity of the area detects the identification of this area from this identification information; and that time data are subsequently transmitted to the time recording server, or queried by it, via mobile telephone, mobile telephone network and mobile telephony server.
- The present invention also relates to a specific data processing program (software) which is capable of running on a mobile telephone and which allows implementation of an access control method as described above.
- The data processing program is capable of automatically transmitting the identification information received from the transmitter, if appropriate in combination with another identification such as a PIN code or the like, to the access control.
- The present invention relates to a mobile phone, or in principle another device, on which such a data processing program is loaded or from which such a data processing program can be downloaded.
- Fig. 1 shows a schematic representation of an access control system. The invention is explained with reference to this illustration, without thereby limiting the breadth of protection as formulated in the claims.
- The access control system comprises an access control server 4, on which the access authorizations are defined and managed.
- The access control server 4 can also simultaneously take over time control, i.e. store and manage the corresponding time data in a person-specific manner.
- The access control server 4 is connected, on the one hand, to a plurality of access points, i.e. passages 1 and 1' respectively. It manages the access, i.e. the possible opening and/or closing of these access points.
- A controller 3 is arranged at each of the individual access points 1; it serves, inter alia, as an interface to the access control server 4, and certain information of the access control server is mirrored on it, depending on the design of the system.
- The controllers 3 have the task of processing the data received by a reader 3 and of using these data either directly or only after appropriate consultation of the access authorizations on the access control server 4. Use here means that the controller 3 physically activates corresponding closing mechanisms 8, e.g. by retracting bolts or the like, so that the access point, i.e. the passage 1, can be opened by the user.
- The access control system described up to this point is an access control system according to the prior art.
- Such access control systems can be used in combination with electronic, mechatronic and/or mechanical components and are available, for example, from the applicant under the trade name Kaba exos® in combination with RFID technology under the name LEGIC®.
- At each access point 1, a Bluetooth or, alternatively or additionally, a wireless LAN (WLAN) device 9 is arranged.
- This device 9 is provided in the area of the access point 1 such that a corresponding receiver, such as a mobile phone 7 with a Bluetooth or WLAN interface, receives this device 9 only when the mobile phone 7 is located substantially immediately in front of the passage 1.
- Bluetooth is basically a protocol for wireless data transmission.
- The standard is used for data transmission by short-range radio in the globally license-free ISM band (2.45 GHz, as in IEEE 802.11b) with a maximum range of 10 m, or up to a maximum of 100 m with amplification (usually not provided in this case).
- The transmission speed reaches 1 Mbps.
- The connection type is one-to-one.
- Voice channels are also available.
- PANs (Personal Area Networks), i.e. very local personal wireless networks that are set up as automatically as possible, i.e. without specific action by the user. This refers to the close range of a maximum of ten meters around one person.
- Wired data transfer is thereby meant to become superfluous. This can be used to install wireless local area networks, for example, or to enable data transfer between mobile and stationary devices. The data exchange can also take place automatically as soon as the devices come within range. Another area of application is networking in the private sector.
- To be Bluetooth-enabled, devices must be equipped with a Bluetooth chip for send and receive control.
- The Bluetooth standard was specified by the Bluetooth Special Interest Group, with Bluetooth 1.0 in July 1999. The standard is open. Each device has a unique 48-bit address, which is constantly communicated to the outside. If two Bluetooth-enabled devices come into close enough contact, they automatically exchange the corresponding ID addresses in accordance with the protocol.
- Wireless LAN is another open standard (IEEE 802.11) for wireless data transmission and, in contrast to Bluetooth, tends to be used especially for larger data volumes and distances.
- With IEEE 802.11, wireless data transmission and a unique identifier per device are likewise used, so WLAN is also suitable for the proposed method.
- WLAN interfaces e.g., mobile-phone-capable PDAs.
- The Bluetooth or WLAN standard thus offers a very wide range of communication options.
- Here, however, the Bluetooth/WLAN device 9 is used only as a transmitter, i.e. only the property that such a device 9 constantly sends out its unique address is exploited. This serves, as already mentioned, to ensure the physical presence of the mobile phone in the area of the access point 1 and to convey the identity of the access point.
- Retrofitting a conventional access control system with such Bluetooth or WLAN devices 9 is extremely simple. Essentially, it consists in attaching such a device 9 at each entrance that is to be optionally released, such that reception by a mobile phone 7 is possible only directly in front of the entrance 1. Typically, reception of the specific ID of the device 9 by a mobile telephone 7 should be possible only if the mobile telephone 7 is closer than one meter in front of the entrance 1.
- The device 9 does not have to be physically integrated into the access control system in any way, i.e. it is not necessary, for example, to connect the device 9 to the controller 3 and to coordinate with it.
- The device 9 is merely arranged in the region of the passage 1 and can, for example, also be supplied via a separate power supply.
- The only step required afterwards is assigning the unique address of a specific device 9 to a specific passage 1. For this purpose, it is sufficient to read this ID once and then allocate it to the specific entrance 1 in the access control server 4. In this way, to a certain extent, a virtual access point is created.
- An administrator of the access control system then enters, directly or indirectly on the access control server 4, e.g. at an operator station 10, the person's mobile number instead of or in addition to the RFID medium, and assigns this mobile phone no.
- The authorization is granted to use the main entrance of the building complex during the given afternoon.
- The unique addresses of the Bluetooth/WLAN devices 9 arranged at the main entrances of the building complex are either transmitted directly to the person's mobile telephone, normally together with software executable on the mobile telephone (e.g. Java), and stored there; or, alternatively, the software is provided without assigned addresses of the permitted devices 9 and only on the access control system, such that at the first contact of the person's mobile phone with the access control server or its GSM server 5 (for example, when the person is in front of the door and the corresponding mobile phone number makes contact for the first time), the associated software is automatically handed over to the mobile phone. This alternative is preferred insofar as no data is stored on the mobile phone, so that the mobile phone can possibly be changed as long as the same mobile phone number is assigned.
- the person's Bluetooth-enabled mobile phone automatically receives the unique address of the device of that specific main entrance. If the corresponding software has already been stored on the mobile phone, the mobile phone now recognizes such a sender. It is now, if necessary, automatically triggered the associated software on the mobile phone 7, and, if necessary, the person, for example, for security reasons additionally queried the input of a PIN code. If this has entered the PIN code, the PIN code is transmitted automatically from the mobile phone to the access control system together with the unique address of the specific Bluetooth / WLAN device 9 of the specific main entrance.
- the access control server 4 now checks whether this mobile telephone 7 or this mobile telephone number is bound because the identifier is not bound to the device but to the number assigned to the mobile telephone at this point in time (due to the unique address, respectively) a corresponding information generated from this address) is authorized, and whether the entered PIN code is correct. If all conditions are met, the access control server 4 will control the associated controller 3 in such a way that the closing mechanism 8 of the passage 1 is influenced in such a way that the person can enter.
- Another advantage of the method is that the person can change their personal mobile telephone 7 at any time without losing their authorizations. All that matters is that the SIM card, and thus the telephone number of the mobile telephone used, remains the same. This advantage comes into play especially when two or more mobile telephones 7 are used with one mobile telephone number. This flexibility is possible because no data of the access control system is stored on the mobile telephone 7 (at most the software mentioned, which is automatically downloaded again whenever necessary) and because the transmitter 9 does not need to know the unique Bluetooth/WLAN address of the mobile telephone 7. In access control systems based purely on Bluetooth, this problem can be solved only with considerable effort.
- The method also allows identification at any distance from the passage 1, as long as the mobile telephone is sufficiently close to a Bluetooth/WLAN transmitter, i.e. as long as the mobile telephone is in a specific, defined area.
- A wide-area solution without limits can be realized, which is still localized.
- This variant is possible in particular because the transmitter 9 does not have to be connected to the controller 3 and because, if necessary, several transmitters 9 are possible per access point. Factory entrances for suppliers are one such example, as is the remote opening of a passage 1 by a system operator who is not at his operator station 10 but is within range of, among others, the transmitter 1 assigned to this passage 1.
Description
The present invention relates to an access control system and to a method for operating it. The access control system is based on a standard access control system by means of which a plurality of access points can be controlled via respective individual physical locking mechanisms, with at least one reader, and a controller connected to it for controlling the locking mechanism, provided at each access point. Furthermore, there is at least one access control server, which centrally manages the access data and is connected to the respective controllers, and at least one mobile telephony server connected to the access control server, which is at least indirectly able to send data to, and receive data from, mobile telephone subscribers via a mobile telephone network.
Access control systems are essentially electronically controlled, centralized systems that monitor, control and manage the accessibility of a large number of access points (passages). Modern access control systems are often based on contactless technology: instead of a physical key, the access point uses electronically readable media, which are activated and read out by corresponding readers provided at the access points. These electronically readable media are typically known under the term RFID (Radio Frequency Identification), and sophisticated technologies of this kind have, for example, been in successful and reliable use for some time at the applicant under the trade name LEGIC®.
When an RFID medium is used, the procedure in such an access control system is normally as follows:
A person stands in front of the reader of the passage (access point) through which they want to gain access. They present their medium (RFID tag), and the system checks whether the medium is known, whether a profile exists and whether that profile permits access at this time. If so, this is signaled at the reader and the door is released once by the controller.
This technology is particularly suitable for permanent employees, who can be equipped once with such an electronic medium, which then enables access control and, where applicable, also time recording or further applications.
Increasingly, however, it is now necessary to grant access authorizations to service personnel or the like at short notice, in emergency situations possibly on a very short time scale, which makes handing out corresponding physical media (for example RFID tags) virtually impossible. In addition, every handing-out of such media carries the risk of loss and thus of security gaps.
More recently, the tendency and the need have accordingly arisen to use mobile telephones as a replacement for, or at least a supplement to, these electronic media. In this case the procedure is typically as follows:
- A person enters the passage number (i.e. an identifier of the specific access point) for which they want to gain access in a dialog on the mobile telephone, confirming the entry with their personal PIN code where required. This data is sent via the mobile telephone network to the access system server (access control server). There it is checked whether the mobile number is known, whether the PIN code is correct, whether a profile exists (is this mobile number with this PIN code authorized at this specific access point at this specific time) and whether the profile permits access at this time. If so, this is signaled at the reader and the door is released once by the controller (here triggered by the server).
Aus der
The access control device grants the user access if the received access rights are sufficient and the received access code matches the stored access code.
Aus der
The invention is therefore based on the object of proposing an access control system that is improved in this respect, and a method for operating it. The access control system is based on a standard access control system by means of which a plurality of access points can be controlled via respective individual physical locking mechanisms, with at least one reader, and a controller connected to it for controlling the locking mechanism, provided at each access point. Furthermore, there is at least one access control server, which centrally manages the access data and is connected to the respective controllers, and at least one mobile telephony server connected to the access control server, which is at least indirectly able to send data to, and receive data from, mobile telephone subscribers via a mobile telephone network.
This object is achieved in that a short-range transmitter is present at a specified location, which is designed as an independent unit without direct connection to the standard access control system and which transmits access-point-specific identification information in such a way that it is received only by a mobile telephone located within reception range of the transmitter and is used by that telephone at least indirectly to control the access control of a specific assigned access point.
The core of the invention is thus, on the one hand, to allow opening at the access point only to mobile telephones that are actually in the immediate vicinity of this transmitter and thus in the immediate vicinity of a specific location. Otherwise it would be possible to trigger a corresponding sequence with a mobile telephone without being physically on site or at a specified location. This is a security gap. In the present case this is prevented in that the mobile telephone can only issue a corresponding opening request when it receives the identification information of the transmitter via a corresponding interface.
The specific location can, on the one hand, be the immediate vicinity of the assigned access point, in which case the transmitter is preferably positioned so that the mobile telephone can receive it only when it is directly in front of the access point.
On the other hand, it is also possible to deliberately arrange the transmitter upstream of the access point, for example at a driveway, so that a truck driver can open an entrance with his mobile telephone without getting out. A fundamentally different alternative is to enable a particular area for authorizing a specific access. For example, a transmitter can be arranged in a monitoring room or another workroom, so that staff who are in this monitoring room can open one or more access points via a mobile telephone. In this case in particular it is also possible to assign several access points to one transmitter. In this case, however, it must then additionally be specified during authorization via the access control server which of the access points assigned to the same identification is to be opened.
On the other hand, receiving the identification information of the transmitter also brings an additional simplification and an increase in security in another respect. Without a corresponding local identifier, the user of the mobile telephone, unless authorized for only a single access point, must enter an identifier of the specific access point on the mobile telephone at the given moment. This process is tedious on the one hand and error-prone and open to manipulation on the other. In principle, the cell information of the mobile telephone could also be considered for such localization, but in practice it turns out that the cell information is normally not locally precise enough for individual access points (different passages in the same cell), and that the cell currently used by a specific user can differ depending on the mobile telephone operator and would moreover always have to be updated in the access control system when cells change.
A further significant advantage of the proposed method is that the mobile telephone itself is not actually used as a so-called "trusted device"; rather, only the telephone number assigned to a mobile telephone, as received by the access control server or by the associated mobile telephony server, is used for authentication, where applicable in combination with a PIN code. In other words, no specific data is stored on the mobile telephone, and it may be possible, for example as long as the same SIM card is used, to use a different mobile telephone for the same access authorizations.
In this context it should also be mentioned that the term mobile telephone is to be understood in principle as covering devices that are able, on the one hand, to exchange data with the access control system via a mobile telephone network, for example the GSM network, and, on the other hand, to receive the signals emitted by the transmitter, i.e. that have a corresponding interface. Accordingly, it need not be a mobile telephone in the classic sense; it can also be a PDA (Personal Digital Assistant) or another computer, as long as it has the stated means of communicating with the transmitter and with the access control system.
According to a first preferred embodiment of the present invention, the transmitter is a Bluetooth device, particularly preferably with a range of less than 10 meters. Modern mobile telephones normally have Bluetooth interfaces, and since no additional user-side hardware is required, it is accordingly particularly simple to design the respective transmitters at the access point as Bluetooth devices. The Bluetooth standard automatically and continuously polls for and receives the 48-bit addresses specifically assigned to the individual devices. When such a mobile telephone comes within range of another Bluetooth device, the two automatically exchange their IDs (48-bit addresses). According to the invention, this fact is exploited for "localization". A Bluetooth device is simply arranged at the passage concerned (access point). The ID of this device is assigned in the system to the reader or to the access point. The identification information is thus preferably a hardware-specific, unique address of the transmitter, particularly preferably a device-specific 48-bit address of a Bluetooth device.
An alternative or additional option is to use a WLAN transmitter (Wireless Local Area Network, WLAN for short, also Wi-Fi, stands for "wireless local network", usually meaning the IEEE 802.11 standard. This standard specifies several wireless transmission techniques and methods for medium access. Devices operating according to the 802.11b variant transmit data by radio waves in the license-free ISM band at 2.4 GHz with a gross transmission rate of up to 11 Mbit/s). This solution is advantageous in particular because such WLAN devices may already be present in a building, and because PDAs in particular increasingly have corresponding interfaces.
If a person now wants to gain access with a mobile telephone, it must be within range of the Bluetooth/WLAN transmitter assigned to the passage. Physically, this can be at the same location as the reader or at a different one (e.g. truck driveway or monitoring room). This also makes entering the passage number unnecessary (it is known automatically via the Bluetooth ID or WLAN identifier; when the Bluetooth/WLAN device is installed at the access point, the correlation between Bluetooth/WLAN ID and access point only has to be specified to the system once). This ID is now sent to the access control server, where applicable with a PIN or another authentication. In contrast to already known access control systems using Bluetooth technology, however, no actual connection is established between the mobile telephone and the Bluetooth device at the access point in the present case; instead, the mobile telephone merely reads out the ID of the Bluetooth device at the access point, so that this information can then be used to localize the mobile telephone. In other words, the transmission functions that the Bluetooth or WLAN interface would actually offer are not used. One reason is that using the Bluetooth interface alone would require full integration of the Bluetooth device at the corresponding access point and would make retrofitting laborious. In the present case, an essential point is that a standard access control system can be retrofitted in a particularly simple way.
In the present case the transmitter can be designed as an independent unit, also equipped with its own power supply, since in a sense it serves only to generate the localization information on the mobile telephone. The transmitter, as stated preferably a Bluetooth or WLAN device, thus has no direct connection to the standard access control system and/or, preferably, to the mobile telephony server. In addition, an ID can be transmitted on a very short time scale of less than a few seconds, whereas establishing an actual Bluetooth connection typically takes in the region of 10 seconds, which is generally too long in practice. Thus only a very specific aspect of Bluetooth technology is used, one that in a sense captures the advantages for access control without having to accept disadvantages such as slow connection setup.
Preferably, it is an access control system that mainly manages access control using standard technology. The standard access control system thus primarily allows, for example, access control using means without mobile telephony, in particular on the basis of RFID technology.
For emergency situations it may be advantageous to design the transmitter so that it additionally has a connection to the controller, so that if the connection between controller and access control server fails, user-specific identification information can be transmitted from the mobile telephone to the transmitter and passed on by it to the controller for controlling the locking mechanism. In other words, while in normal operation the transmitter acts exclusively as a transmitter, so that information is only transmitted from the transmitter to the mobile telephone, in emergency situations the reverse path can additionally be enabled, i.e. information can be passed from the mobile telephone to the transmitter, which then acts as a receiver.
Furthermore, the present invention relates to a method for access control, particularly preferably using an access control system as described above. A standard access control system is present, by means of which a plurality of access points can be controlled via respective individual physical locking mechanisms, with preferably at least one reader, and a controller connected to it for controlling the locking mechanism, provided at each access point. In addition, at least one access control server is present, which centrally manages the access data and is connected to the respective controllers. Furthermore, at least one mobile telephony server connected to the access control server is present, which is at least indirectly able to send data to, and receive data from, mobile telephone subscribers via a mobile telephone network; this mobile telephony server can also be an integral part of the access control server. In addition, a short-range transmitter is arranged at at least one access point or, more generally, at a specific location.
According to the invention, the procedure is that a mobile telephone is authorized, via the access control server or the mobile telephony server and over the mobile telephone network, for access to certain access points in a certain period of time. This process can be triggered by appropriate personnel. The transmitter at the corresponding access point or, more generally, at the specific location transmits access point-specific identification information continuously or intermittently in such a way that it can be received only by a mobile telephone located in the immediate vicinity of the access point (if the transmitter is arranged near it) or of the transmitter (check of physical presence at the access point or at the transmitter). A mobile telephone located in the immediate vicinity of the access point or of the transmitter then captures the identifier of this access point from this identification information, and the opening of the corresponding access point is subsequently initiated in an automated manner via the mobile telephone, mobile telephone network, mobile telephony server, access control server and controller, with direct or indirect use of this identification information. The data is preferably transmitted from the mobile telephone via the mobile telephone network either as a telephone transmission, as an e-mail or as an SMS (Short Message Service, the CEPT standard for short text messages, i.e. up to 160 alphanumeric characters, to mobile telephones in the GSM network, which are shown on the handset display).
According to a first preferred embodiment, after capturing the identification information the mobile telephone additionally requires the input of an authentication such as, in particular, a PIN code, password or biometric information, and this user-specific information is then passed, together with the identifier of the access point to be operated, via the mobile telephone network to the mobile telephony server and the access control server. If the corresponding authorization exists, the associated controller is then activated or the locking mechanism is triggered.
As already mentioned above, the transmitter is preferably a Bluetooth or WLAN device which transmits its unique 48-bit address as identification information. This 48-bit address serves as the identifier of the associated access point. The mobile telephone has a Bluetooth interface, and when it receives specific 48-bit addresses of this kind that were transferred during authorization and correspond to the authorized access points, i.e. that it recognizes, it automatically enters into a corresponding dialogue with the mobile telephone user. Where appropriate, authentication of the user (e.g. a PIN code) is then requested. In any case, an opening request for the specific access point is then transmitted via the mobile telephone network to the mobile telephony server or the access control server. After checking the authorization, the access control server then triggers the controller, provided the authorization exists.
Security can be further improved if, according to a further preferred embodiment of the method according to the invention, the Bluetooth or WLAN device is arranged in the area of the access point in such a way that reception of the identification information by a mobile telephone is possible only at a distance of less than 1 m, preferably less than 0.5 m, outside and in front of the access point.
Further preferred embodiments of the access control system and of the access control method are described in the dependent claims.
Also disclosed is a time recording system based on the identical idea of using a transmitter, in particular a Bluetooth device, exclusively to check the physical presence of a mobile telephone for opening data transfer. The time recording system has a standard time recording system comprising at least one time recording server, which centrally manages the time data; it further has at least one mobile telephony server in connection with the time recording server, which is at least indirectly able to send data via a mobile telephone network to mobile telephone subscribers and to receive data from them, wherein this mobile telephony server can also be an integral part of the time recording server. According to the invention, the time recording system is characterized in that a short-range transmitter is present at at least one authorized area and transmits area-specific identification information in such a way that it is received only by a mobile telephone located in the immediate vicinity of the authorized area and is used by that telephone at least indirectly to manipulate the time data. In this way it can be ensured that, when mobile telephones are used for time recording, the corresponding requests or entries are possible only in specific areas. For example, individual floors or only entrance areas etc. can be authorized, which prevents misuse.
Also disclosed is a method for time recording, particularly preferably using a time recording system as described above. The method involves a standard time recording system with at least one time recording server, which centrally manages the time data; furthermore, at least one mobile telephony server is present in connection with the time recording server, which is at least indirectly able to send data via a mobile telephone network to mobile telephone subscribers and to receive data from them, wherein this mobile telephony server can also be an integral part of the time recording server; in addition, a short-range transmitter is present at at least one authorized area.
The method is characterized in particular in that a mobile telephone is authorized, via the time recording server or the mobile telephony server and over the mobile telephone network, to enter time data in certain authorized areas in at least one certain period of time; in that the transmitter transmits area-specific identification information continuously or intermittently in such a way that it can be received only by a mobile telephone located in the immediate vicinity of the authorized area; in that a mobile telephone located in the immediate vicinity of the area captures the identifier of this area from this identification information; and in that time data can subsequently be transmitted to the time recording server, or queried from it, via the mobile telephone, mobile telephone network and mobile telephony server.
Last but not least, the present invention also relates to a specific data processing program (software) which can run on a mobile telephone and which makes it possible to implement an access control method as described above. The data processing program is able to transmit, in an automated manner, the identification information received from the transmitter to the access control, where appropriate in combination with a further identification such as a PIN code or the like. Furthermore, the present invention relates to a mobile telephone or, in principle, another device on which such a data processing program is loaded or from which such a data processing program can be downloaded.
The invention will be explained in more detail below with reference to exemplary embodiments in conjunction with the drawing.
The access control system comprises an access control server 4, on which the access authorizations are defined and managed. In addition to access control, the access control server 4 can also handle time control at the same time, i.e. store and manage the corresponding time data for each person. The access control server 4 is connected on the one hand to a plurality of access points, i.e. passages 1 and 1'. It manages access, i.e. the possible opening and/or closing of these access points. For this purpose, a controller 3 is first arranged at each of the individual access points 1; among other things it serves as the interface to the access control server 4, and, depending on the design of the system, certain information from the access control server is mirrored on it. The controllers 3 have the task of processing the data received from a reader 3 and of using it either directly or only after consulting the access authorizations on the access control server 4. Using here means that the controller 3 physically activates corresponding locking mechanisms 8, i.e. for example retracts a bolt or the like, so that the access point, i.e. the passage 1, can be opened by the user.
The access control system described up to this point is an access control system according to the prior art. Such access control systems can be used in combination with electronic, mechatronic and/or mechanical components and are available, for example, from the applicant under the trade name Kaba exos® in combination with RFID technologies under the name LEGIC®.
It will now be assumed that such an access control system using RFID technology is already in place, i.e. the readers 2 are designed to read corresponding RFID tags. Such a system is now to be retrofitted in a simple manner for specific situations, so that persons who are not normally authorized to enter buildings managed in this way, i.e. who do not already have a corresponding RFID device, can be granted access, in particular for the short or medium term. To this end, a way of enabling access authorizations via mobile telephones 7 is first provided. For this, the access control system must first be connected to the mobile telephone network. For this purpose, a GSM server 5 (Global System for Mobile Communication) is connected to the access control server 4. This GSM server 5 is connected at least indirectly to an antenna 6, which allows communication with mobile telephones 7, typically via relay stations etc.
Furthermore, a Bluetooth device or, alternatively or additionally, a wireless LAN (WLAN) device 9 is arranged at each access point 1. This device 9 is provided in the area of the access point 1 in such a way that a corresponding receiver, for example a mobile telephone 7 with a Bluetooth or WLAN interface, receives this device 9 only when the mobile telephone 7 is located essentially directly in front of the passage 1.
Bluetooth is fundamentally a protocol for wireless data transmission. The standard is used for data transmission by short-wave radio in the globally licence-free ISM network (2.45 GHz, as in IEEE 802.11b) with a range of at most 10 m, or up to at most 100 m with amplification (generally not provided for in the present case). The transmission speed reaches 1 Mbit/s. The connection type is one-to-one. Besides a data channel, voice channels are also available. This system is intended in particular for so-called PANs (Personal Area Networks), i.e. for very local personal wireless networks that are to be set up as automatically as possible, i.e. without specific intervention by the user. What is meant is thus the close range of at most ten metres around a person.
The Bluetooth method is intended to make wired data transmission superfluous. It can be used, for example, to install wireless local area networks or to enable data transmission between mobile and stationary devices. The data exchange can also take place automatically as soon as the devices come within range. A further area of application is networking in the private sphere.
To be Bluetooth-capable, devices must be equipped with a Bluetooth chip for transmit and receive control. The Bluetooth standard was specified by the Bluetooth Special Interest Group, Bluetooth 1.0 in July 1999. The standard is open. Each device has a unique 48-bit address, which is constantly communicated to the outside. If two Bluetooth-capable devices come into sufficiently close contact, they automatically exchange the corresponding ID addresses in accordance with the protocol.
Wireless LAN (WLAN) is a further open standard (IEEE 802.11) for wireless data transmission and, in contrast to Bluetooth, will increasingly be used in future, above all for larger data volumes and distances. Here too, wireless data transmission and a unique identifier in each case are used, and WLAN is therefore likewise suitable for the proposed method. This is particularly so because devices capable of mobile telephony are increasingly being equipped with WLAN interfaces (e.g. PDAs capable of mobile telephony). If no mobile telephones with Bluetooth are available, or if a greater range must be possible, or if, for example, such WLAN equipment is already present in a building, this technology can be used in the proposed method as an alternative or in parallel. In principle, the Bluetooth or WLAN standard thus offers a very wide range of communication possibilities. In the present case, however, the Bluetooth/WLAN device 9 is used only as a transmitter, i.e. only the property that such a device 9 constantly transmits its unique address is exploited. As already mentioned, this serves to ensure the physical presence of the mobile telephone in the area of the access point 1 and to convey the identity of the access point.
Retrofitting the conventional access control system with such Bluetooth or WLAN devices 9 is extremely simple. Essentially, it consists of mounting such a device 9 at each entrance that may need to be released, in such a way that reception by a mobile telephone 7 is possible essentially only directly in front of the entrance 1. Typically, reception of the specific ID of the device 9 by a mobile telephone 7 should be possible only when the mobile telephone 7 is closer than one metre in front of the entrance 1.
A particular advantage of the present invention is that the device 9 does not have to be physically integrated into the access control system in any way, i.e. it is not necessary to connect the device 9 to the controller 3, for example, and coordinate it with it. The device 9 is merely arranged in the area of the passage 1 and can, for example, also be supplied via a separate power supply. The only step subsequently required is to assign the unique address of a specific device 9 to a specific passage 1. For this it is sufficient to read out this ID once and then assign it to the specific entrance 1 in the access control server 4. In this way a virtual access point is created, so to speak.
An exemplary method in which a temporary access authorization is granted will now be described:
- In the context of maintenance work in a building that is managed with access control, a person is to be granted, as an exception and for one afternoon, authorization to use the main entrance of a building complex for access.
An administrator of the access control system then enters, directly or indirectly on the access control server 4, e.g. at an operating station 10, the person's mobile telephone number instead of or in addition to the RFID medium, and assigns specific access authorizations to this mobile telephone number; in the specific case, authorization is granted to use the main entrance of the building complex during the specified afternoon.
Subsequently, the unique addresses, assigned to the main entrances of the building complex, of the Bluetooth/WLAN devices 9 arranged at these main entrances are either transmitted directly to the person's mobile telephone, normally together with software that can run on the mobile telephone (e.g. Java), and stored on it; or alternatively, and this solution is preferred in that no data is thereby stored on the mobile telephone and the mobile telephone can therefore be changed if necessary as long as the same mobile telephone number is assigned, this software is made available only on the access control system, without assigned addresses of the permitted devices 9, in such a way that when the person's mobile telephone first makes contact with the access control server or its GSM server 5 (for example when the person is in front of the door and dials a corresponding mobile telephone number for the first time), the associated software is automatically transferred to the mobile telephone.
If the person now comes, at the right time, i.e. on the afternoon for which access has been enabled, into the vicinity of a specific main entrance of the building complex, the person's Bluetooth-enabled mobile telephone automatically receives the unique address of the device at that specific main entrance. If the corresponding software has already been stored on the mobile telephone, the mobile telephone now recognizes such a transmitter. The associated software on the mobile telephone 7 is then triggered, automatically if applicable, and, if required, the person is additionally asked to enter a PIN code, for example for security reasons. Once the person has entered the PIN code, it is transmitted automatically by the mobile telephone to the access control system together with the unique address of the specific Bluetooth/WLAN device 9 of the specific main entrance. This takes place over the GSM network, either as an SMS or as a telephonic data transmission; an e-mail or another transmission according to a specific protocol is also possible. In the access control system, the access control server 4 now checks whether this mobile telephone 7, or rather this mobile telephone number (the identifier is bound not to the device but to the number assigned to the mobile telephone), is authorized at this time for this passage (identified on the basis of the unique address, or on the basis of corresponding information generated from this address), and whether the PIN code entered is correct. If all conditions are met, the access control server 4 drives the associated controller 3 so that the locking mechanism 8 of the passage 1 is actuated in such a way that the person can enter.
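The server-side check described above (telephone number, transmitter address, time period, PIN), sketched as an added example; it is not code from the patent or from any product. All names, the sample number, addresses, PIN and controller labels are constructed, and storing the PIN as a salted PBKDF2 hash is an assumption of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Assumption of this sketch: the server keeps only a salted hash of the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, 100_000)


def normalize_address(raw: str) -> Optional[str]:
    """Return a 48-bit device address as aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = raw.strip().replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Grant:
    """Authorization bound to a telephone number, not to a handset."""
    passages: frozenset
    not_before: datetime
    not_after: datetime
    pin_salt: bytes
    pin_hash: bytes


@dataclass(frozen=True)
class OpenRequest:
    sender_number: str        # number reported by the GSM server (5)
    transmitter_address: str  # address the phone received from transmitter (9)
    pin: str
    received_at: datetime


@dataclass(frozen=True)
class Decision:
    allowed: bool
    controller: Optional[str]  # controller (3) to actuate when allowed
    reason: str                # for the server-side audit log only


# Constructed sample configuration. Two transmitters map to the same passage,
# since several transmitters per access point are possible.
TRANSMITTERS = {
    "00:11:22:33:44:55": "main-entrance-a",
    "00:11:22:33:44:56": "main-entrance-a",
    "00:11:22:33:44:66": "main-entrance-b",
}
CONTROLLERS = {"main-entrance-a": "controller-a", "main-entrance-b": "controller-b"}
_SALT = b"constructed-salt"
GRANTS = {
    "+41790000000": Grant(
        passages=frozenset({"main-entrance-a"}),
        not_before=datetime(2024, 1, 15, 13, 0),
        not_after=datetime(2024, 1, 15, 18, 0),
        pin_salt=_SALT,
        pin_hash=hash_pin("4711", _SALT),
    ),
}


def decide(req: OpenRequest, grants=GRANTS) -> Decision:
    """Apply the checks in the order the description lists them."""
    address = normalize_address(req.transmitter_address)
    passage = TRANSMITTERS.get(address) if address else None
    if passage is None:
        return Decision(False, None, "unknown transmitter")
    grant = grants.get(req.sender_number)
    if grant is None or passage not in grant.passages:
        return Decision(False, None, "number not authorized for passage")
    if not (grant.not_before <= req.received_at <= grant.not_after):
        return Decision(False, None, "outside authorized period")
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(hash_pin(req.pin, grant.pin_salt), grant.pin_hash):
        return Decision(False, None, "wrong PIN")
    return Decision(True, CONTROLLERS[passage], "ok")
```

The decision depends only on the sender number, the reported transmitter address, the time of receipt and the PIN, which is why the handset itself can be swapped without re-enrolment.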
Another advantage of the method is that the person can change their personal mobile telephone 7 at any time without losing the authorizations. All that matters is that the SIM card, and thus the telephone number of the mobile telephone used, remains the same. This advantage is felt in particular when two or more mobile telephones 7 are used with one mobile telephone number. This flexibility is possible because no data of the access control system is stored on the mobile telephone 7, at most the software mentioned, which is automatically downloaded again at each contact if necessary, and because the transmitter 9 does not need to know the unique Bluetooth/WLAN address of the mobile telephone 7. In access control systems based purely on Bluetooth, this problem can be solved only with great effort.
In addition to secure identification on site, the method also permits identification at any distance from the passage 1, as long as the mobile telephone is sufficiently close to a Bluetooth/WLAN transmitter, i.e. as long as the mobile telephone is within a specific, defined area. A wide-range solution without limits can thus be implemented that is nevertheless tied to a location. This variant is possible in particular because the transmitter 9 does not have to be connected to the controller 3 and because, in addition, several transmitters 9 are possible per access point where appropriate. Factory access roads for suppliers are one such example, as is the remote opening of a passage 1 by a system operator who has no access to his operating station 10 but is on the premises within range of the transmitter 1 that is assigned, among others, to this passage 1. Conceivable in this context are, for example, solutions in which staff in a particular working area, for example a room with video cameras monitoring specific entrances, in which room a Bluetooth/WLAN transmitter is located, are authorized to use a mobile telephone to open a passage point that is monitored by one of the video cameras.
- 1 Passage
- 2 Reader
- 3 Controller
- 4 Access control server
- 5 GSM server
- 6 Antenna (schematic)
- 7 Mobile telephone
- 8 Physical locking mechanism (lock)
- 9 Bluetooth transmitter
- 10 Operating station
Claims (17)
- An access control system having
  - a standard access control system (2-4, 8), via which a large number of access points (1) can each be controlled via individual physical locking mechanisms (8), with at least one reader (2) as well as a controller (3), which is connected to it, for controlling the locking mechanism (8) being provided at each access point (1), and with at least one access control server (4) being provided, which carries out central management of the access data;
  - at least one mobile telephony server (5) connected to the access control server (4), which is at least indirectly able to send data via a mobile telephone network to mobile telephone subscribers (7), and to receive data from them, in which case this mobile telephony server (5) may also be an integral component of the access control server (4);
characterized in that
the access control server (4) is connected to the respective controllers (3)
that a short-range transmitter (9), in the form of an independent unit, which has no direct connection to the standard access control system (2-4, 8), is provided at one specified location and transmits access-point-specific identification information in such a manner that this is received by a mobile telephone (7) which is located in the reception area of the transmitter (9), and is used at least indirectly by this to control the access control at a specific associated access point (1).
- The access control system as claimed in claim 1, characterized in that the specified location is a location in the area of the associated access point (1), such that the identification information from the transmitter (9) can be received by the mobile telephone (7) only in the immediate vicinity of the access point (1).
- The access control system as claimed in claim 1, characterized in that the specified location is a location in front of the associated access point (1), or is a specific working area.
- The access control system as claimed in one of the preceding claims, characterized in that the transmitter (9) is a Bluetooth appliance, particularly preferably with a range of less than 10 meters, and in that the authorized mobile telephone (7) has a Bluetooth interface.
- The access control system as claimed in one of the preceding claims, characterized in that the transmitter (9) is a WLAN station, and in that the authorized mobile telephone (7) has a WLAN interface.
- The access control system as claimed in one of the preceding claims, characterized in that the identification information is a hardware-specific, unique address of the transmitter (9), particularly preferably an appliance-specific 48-bit address of a Bluetooth appliance (9), or an address which is specific to a corresponding appliance for a WLAN appliance or a WLAN network.
- The access control system as claimed in one of the preceding claims, characterized in that the transmitter (9) is in the form of an independent unit, which has no direct connection to the mobile telephony server (5).
- The access control system as claimed in one of the preceding claims, characterized in that the standard access control system (2-4, 8) also allows access control using means without mobile telephony (7), in particular based on RFID technology.
- A method for access control, particularly preferably using an access control system as claimed in one of the preceding claims, with
a standard access control system (2-4, 8) being provided, via which a large number of access points (1) can each be controlled via individual physical locking mechanisms (8), with at least one reader (2) as well as a controller (3), which is connected to it, preferably being provided in order to control the locking mechanism (8) for each access point (1), and with at least one access control server (4) being provided, which carries out central management of the access data;
and with at least one mobile telephony server (5) being provided, connected to the access control server (4), which is at least indirectly able to send data via a mobile telephone network to mobile telephone subscribers (7), and to receive data from them, in which case this mobile telephony server (5) may also be an integral component of the access control server (4);
characterized in that
the access control server (4) is connected to the respective controllers (3)
a short-range transmitter (9) is provided with a specified location, preferably at at least one access point (1), in that a mobile telephone (7) is authorized for access at specific access points (1) in a specific time period via the access control server (4), and/or via the mobile telephony server (5) via the mobile telephone network,
in that the transmitter (9) transmits access-point-specific identification information continuously or at times, in such a manner that it can be received by only a mobile telephone (7) which is located in the reception area of the transmitter,
in that a mobile telephone (7) which is located in the reception area of the transmitter (9) detects the identification of this transmitter (9) via this identification information,
and in that the access point (1) associated with the transmitter (9) is then opened, with direct or indirect use of this identification information, via the mobile telephone (7), the mobile telephone network, the mobile telephony server (5), the access control server (4) and the controller (3).
- The method as claimed in claim 9, characterized in that the transmitter (9) is arranged in the vicinity of the access point (1) in such a manner that the mobile telephone (7) can receive its identification information only in the immediate vicinity of the access point (1).
- The method as claimed in one of claims 9 or 10, characterized in that, after detection of the identification information, the mobile telephone (7) additionally demands the input of an authentication in particular such as a PIN code, password or biometric information (7), and this user-specific information is transmitted together with the identification of the access point (1) to be processed via the mobile telephone network to the mobile telephony server (5) and to the access control server (4), which then activates the associated controller (3).
- The method as claimed in one of claims 9-11, characterized in that the mobile telephone (7) transmits the identification information and if appropriate the PIN code via the GSM network in the form of a telephonic data transmission or in the form of an SMS to the access control server (4).
- The method as claimed in one of claims 9-12, characterized in that the transmitter (9) is a Bluetooth appliance or a WLAN appliance (9), which transmits its unique address as identification information, and this address is used to identify the associated access point (1), and in that the mobile telephone (7) has a Bluetooth interface or a WLAN interface, in which case the mobile telephone (7) automatically starts an appropriate dialogue with the mobile telephone user on reception of specific addresses of this type which are transmitted in the course of the authorization process and correspond to the authorized access points (1), possibly requests authentication of the user, and in any case then transmits a request to open the specific access point (1) via the mobile telephone network to the mobile telephony server (5) and to the access control server (4).
- The method as claimed in one of claims 9-13, characterized in that the transmitter (9) is a Bluetooth appliance or a WLAN appliance (9), which is arranged in the area of the gateway (1) in such a way that the identification information can be received by a mobile telephone (7) only within a distance of less than 1 m, particularly preferably less than 0.5 m outside and in front of the gateway (1).
- The method as claimed in one of claims 9-14, characterized in that the transmitter (9) is a Bluetooth appliance or a WLAN appliance (9), which is arranged in a specific area in front of the associated access point (1), or in a working area associated with the access point.
- A data processing program, which can run on a mobile telephone (7), for carrying out a method as claimed in one of claims 9-15, which is designed to transmit identification information, received via a Bluetooth or WLAN interface, from a transmitter (9), possibly together with additional information requested in a request, such as a PIN code, a password or biometric information, automatically via the GSM network to an access control server (4).
- A mobile telephone (7) having a data processing program as claimed in claim 16.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH122004 | 2004-01-06 | ||
PCT/CH2004/000739 WO2005066908A2 (en) | 2004-01-06 | 2004-12-16 | Access control system and method for operating said system |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1702306A2 (en) | 2006-09-20 |
EP1702306B1 (en) | 2010-08-11 |
Family
ID=34744467
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04820940A Active EP1702306B1 (en) | 2004-01-06 | 2004-12-16 | Access control system and method for operating said system |
Country Status (5)
Country | Link |
---|---|
US (1) | US20070200665A1 (en) |
EP (1) | EP1702306B1 (en) |
AT (1) | ATE477561T1 (en) |
DE (1) | DE502004011533D1 (en) |
WO (1) | WO2005066908A2 (en) |
- 2004
- 2004-12-16 DE DE502004011533T patent/DE502004011533D1/en active Active
- 2004-12-16 AT AT04820940T patent/ATE477561T1/en not_active IP Right Cessation
- 2004-12-16 WO PCT/CH2004/000739 patent/WO2005066908A2/en active Application Filing
- 2004-12-16 EP EP04820940A patent/EP1702306B1/en active Active
- 2004-12-16 US US10/585,317 patent/US20070200665A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
DE502004011533D1 (en) | 2010-09-23 |
US20070200665A1 (en) | 2007-08-30 |
EP1702306A2 (en) | 2006-09-20 |
WO2005066908A3 (en) | 2005-11-24 |
ATE477561T1 (en) | 2010-08-15 |
WO2005066908A2 (en) | 2005-07-21 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20060717 |
AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20070808 |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
REG | Reference to a national code | Ref country code: CH Ref legal event code: EP |
REG | Reference to a national code | Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
REF | Corresponds to: | Ref document number: 502004011533 Country of ref document: DE Date of ref document: 20100923 Kind code of ref document: P |
REG | Reference to a national code | Ref country code: NL Ref legal event code: VDEP Effective date: 20100811 |
LTIE | Lt: invalidation of european patent or patent extension | Effective date: 20100811 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101211 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101111 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101213 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 |
REG | Reference to a national code | Ref country code: IE Ref legal event code: FD4D |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101112 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: IE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
BERE | Be: lapsed | Owner name: KABA A.G. Effective date: 20101231 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101122 |
26N | No opposition filed | Effective date: 20110512 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101231 |
GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20101216 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 502004011533 Country of ref document: DE Effective date: 20110512 |
REG | Reference to a national code | Ref country code: FR Ref legal event code: ST Effective date: 20110831 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101231 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20110103 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101216 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101216 |
REG | Reference to a national code | Ref country code: AT Ref legal event code: MM01 Ref document number: 477561 Country of ref document: AT Kind code of ref document: T Effective date: 20101216 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101216 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110212 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100811 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 20231214 Year of fee payment: 20 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: CH Payment date: 20240101 Year of fee payment: 20 |