EP2273453A1 - Method for operating an access control system - Google Patents

Abstract

The method involves transferring a password to a central processing unit (4) by a computer unit (3) through communicative connections (31,31'). The communicative connections are tested, whether the transferred password is matched with a valid password for an area profile. The released area profile is changed by the computer unit through communicative connections. Independent claims are also included for the following: (1) an access control system; and (2) a computer program product for a data storage.

Description

The invention relates to a method for operating an access control system according to the preamble of the independent claim.

W02008 / 089207A1 discloses a method of operating an access control access control system to a secure area of a building, such as a floor or a portion of a floor. The access control system comprises a central computer unit and a door opener. The door opener allows access to the secured area. The central computer unit is in communicative connection with the door opener via network-supported access points. The door opener has a reading device which reads in an identification code from a mobile data carrier. The read identification code is checked by either the reading device or the central processing unit with an identification code of a list of valid identification codes for the secure area. If the check is successful, the door opener allows access to the secured area.

The object of the present invention is to further develop this process.

This object is solved by the characterizing features of the independent claim.

In the method according to the invention for operating an access control system, the access control system has at least one door fitting to a secured area of a building and at least one identification code on a mobile data carrier; which identification code from a reading device a door fitting is read; if a read-in identification code is valid, access to the area secured by the door fitting is granted; a computer unit transmits an authorization code to a central computer unit via at least one communicative connection; checking that the authorization code matches a valid authorization code for an area profile; upon successful verification of the transmitted authorization code, write and read rights for the area profile are released to the computer unit transmitting the authorization code; the shared area profile is changed by the computer unit via a communicative connection.

This has the advantage that from any computer unit, an area profile with a valid identification code can be changed to a secure area of the building, which makes the operation of the access control system simple and flexible. The computer unit must identify itself with an authorization code at a central computer unit as justified for this change of the area profile. The validity of this authorization code is checked. The transmission of the authorization code and the change of the released area profile takes place via a communicative connection. In this way, the operation of the access control system is safe.

Advantageous developments of the method are described in the dependent claims.

Advantageously, the computer unit records an identification code of a mobile data carrier as a valid identification code in the released area profile. Advantageously, the computer unit removes an identification code of a mobile data carrier as a valid identification code from the released area profile.

This has the advantage that a valid identification code of a mobile data carrier can be recorded in the area profile and / or removed by the computer unit. Neither the computer unit still the mobile disk must be physically at the place of the door fitting and / or the central computer unit, which makes the operation of the access control system simple and flexible.

Advantageously, a validity of an identification code of the shared area profile is changed by the computer unit. Advantageously, an entity is included in the released area profile by the computer unit. Advantageously, an entity is removed from the shared area profile by the computer unit. Advantageously, the reading unit of an entity of the shared area profile is changed by the computer unit. Advantageously, the computer unit changes a write right of an entity of the shared area profile. Advantageously, the computer unit changes a time zone of an entity of the shared area profile.

This has the advantage that diverse information of the shared area profile from which the computer unit can be maintained, which makes the operation of the access control system simple and flexible.

Advantageously, the computer unit creates an identification code of a mobile data carrier in a released area profile as a provisional identification code; and if an identification code corresponding to the provisional identification code is read by the reading device of the door fitting granting access to the secured area of the released area profile, the read-in identification code is included in the released area profile as a valid identification code.

This has the advantage that a provisional identification code of a mobile data carrier of the arithmetic unit is first created in the shared area profile and only when actually read in the provisional identification code is the read identification code in the released area profile as a valid identification code. Thus, a new identification code is not included in the area profile until it is actually read by the reading device, which makes the operation of the access control system safe. Also, for reading an identification code in an area profile no reading device in the computer unit is necessary, which makes the operation of the access control system simple and inexpensive.

Advantageously, a provisional identification code is created by specifying a digit sequence in a shared area profile; and if read by the reading device of the door fitting granting access to the secured area of the released area profile, a digit sequence corresponding to the digit sequence of the provisional identification code, an identification code read in with the digit sequence is included in the released area profile as a valid identification code.

This has the advantage that the computer device does not have to include a complete identification code in the released area profile, but that it is sufficient to include parts of the identification code, for example the first two or three digits of the identification code, in the released area profile. It may also be sufficient to include information of the area profile, for example a name or a first name, in the released area profile and, when reading in this information, to include the identification code read with this information in the report profile as a valid identification code. This makes the operation of the access control system simple and flexible.

Advantageously, a provisional identification code is created by specifying a time period in a released area profile; and if within the period of time granted by the reading device of the door fitting that allows access to the secured area of the shared area profile Identification code is read, which coincides with the provisional identification code, the read identification code is included in the released area profile as a valid identification code.

This has the advantage that no identification code has to be included in the released area profile by the computer device, but that, for example, the next-time read identification code is included in the area profile as a valid identification code, which makes the operation of the access control system simple and flexible.

Advantageously, the central computer unit transmits at least part of an area profile for the area secured by a door fitting to the door fitting via a communicative connection; a processor of a door fitting checks whether an identification code read in by the reading device of the door fitting matches a valid identification code of the transmitted area profile for the area secured by the door fitting. Advantageously, the area profile is stored at least partially in a computer-readable data memory of the central computer unit. Advantageously, the area profile is at least partially stored in a computer-readable data memory of the door fitting. Advantageously, the central computer unit transmits at least part of an area profile for the area secured by a door fitting to the door fitting via a communicative connection; a processor of a door fitting checks whether an identification code read in by the reading device of the door fitting matches a valid identification code of the transmitted area profile for the area secured by the door fitting; upon successful verification of the read identification code, the processor transmits an access signal to an actuator of the door fitting; and the actuator is granted access to the area secured by the door fitting for the transmitted access signal.

This has the advantage that a processor of a door fitting on site checks whether a read from the reading device of the door fitting identification code with a valid identification code of the area profile for the secured area of the door fitting matches, which makes the operation of the access control system quickly because no time-consuming requests of the door fitting at the remote from the door fitting central computer unit for the purpose of verification are necessary. The communication of the area profile for the area secured by the door fitting to the reading device can take place at regular and / or irregular intervals, for example when an updating of the area profile stored in the computer-readable data memory of the door fitting occurs. Also, not the entire area profile needs to be transmitted, but it is sufficient to transmit part of the area profile, which reduces the transmission time. For example, only a modified part of the scope profile is submitted.

Advantageously, an identification code read in by a reading device is transmitted via a communicative connection to the central computer unit. Advantageously, the central computer unit checks whether an identification code read in by a reading device of a door fitting matches a valid identification code of an area profile for the area secured by the door fitting of the reading device. Advantageously, upon successful verification of the read identification code from the central processing unit an access signal via the communicative connection to an actuator of the door fitting transmitted; and the actuator is granted access to the area secured by the door fitting for the transmitted access signal.

This has the advantage that the remote central computer unit checks whether an identification code read in by the reading device coincides with a valid identification code of the area profile for the area secured by the door fitting of the reading device, which makes the operation of the access control system secure.

Advantageously, a transmitted authorization code is transmitted by the central computer unit via a communicative connection to a building computer unit; the building computer unit checks whether the submitted authorization code matches a valid authorization code for an area profile; and upon successful verification of the transmitted authorization code, an authorization signal is transmitted to the central computer unit by the building computer unit via a communicative connection. Advantageously, write and read rights for the area profile are released to the computer unit transmitting the authorization code by the central computer unit for a transmitted authorization signal.

This has the advantage that a building computer unit as a further instance performs the verification of the transmitted authorization code. The communication of the transmitted authorization code from the central computer unit to the building computer unit and the transmission of the authorization signal back to the central computer unit via a communicative connection, which makes the operation of the access control system safe.

Advantageously, in the case of successful checking of the transmitted authorization code, the central computer unit releases write and read rights for the area profile to the computer unit transmitting the authorization code.

This has the advantage that the remote central computer unit, upon successful verification of the transmitted authorization code, releases write and read rights for the area profile to the computer unit transmitting the authorization code, which makes the operation of the access control system secure.

Advantageously, the access control system for carrying out the method comprises the computer unit. Advantageously, the access control system comprises the central computer unit. Advantageously, the access control system comprises a Building computer unit. Advantageously, the access control system comprises a network-supported communicative connection between the computer unit and the central computer unit. Advantageously, the access control system comprises a network-based communicative connection between the central computer unit and the door fitting. Advantageously, the access control system comprises reading the identification code of the mobile data carrier via a data transmission by the reading device. Advantageously, the access control system comprises a network-based communicative connection between the central computer unit and a building computer unit.

This has the advantage that a simple and secure communicative connection between the computer unit and the central computer unit, a simple and secure communicative connection between the central computer unit and the door fitting, a simple and secure data transmission from the mobile data carrier to the door fitting, as well as a simple and secure communicative connection between the central computer unit and the building computer unit.

Advantageously, the door fitting is arranged on a door leaf of a door secured to the door fitting area. Advantageously, the reading device is arranged in a door trim of the door fitting. Advantageously, a processor is arranged in a door fitting of the door fitting. Advantageously, a computer-readable data memory is arranged in a door fitting of the door fitting. Advantageously, a transmitting and receiving unit for a network-based communicative connection between the central computer unit and the door fitting is arranged in a door fitting of the door fitting. Advantageously, an electrical power supply is arranged in a door fitting of the door fitting.

This has the advantage that the door fitting and its components are arranged compact and vandal-proof. Advantageously, the computer unit is arranged in the area secured by the door fitting.

This has the advantage that from a secured area of the building, an identification code of a mobile data carrier in the area profile for a secure area of the building can be added and / or removed, which makes the operation of the access control system simple, flexible and secure.

Advantageously, a computer program product comprises at least one computer program means which is suitable for implementing the method for operating an access control system by carrying out at least one method step if the computer program means in at least one processor of the door fitting and / or in at least one processor Computing unit and / or in at least one processor of the central processing unit and / or in at least one processor of the building computer unit is loaded. Advantageously, a computer-readable data memory comprises such a computer program product.

Fig. 1

zeigt eine schematische Darstellung des Verfahrens zum Betreiben eines Zutrittskontrollsystems;

Fig. 2

zeigt eine schematische Ansicht eines Teils eines Türbeschlags eines Zutrittskontrollsystems gemäss Fig. 1;

Fig. 3

zeigt ein Flussdiagramm mit Schritten eines erstes Ausführungsbeispiels des Verfahrens gemäss Fig. 1; und

Fig. 4

zeigt ein Flussdiagramm mit Schritten eines zweiten Ausführungsbeispiels des Verfahrens gemäss Fig. 1;

Fig. 5

zeigt ein Flussdiagramm mit Schritten eines dritten Ausführungsbeispiels des Verfahrens gemäss Fig. 1;

Fig. 6

zeigt ein Flussdiagramm mit Schritten eines vierten Ausführungsbeispiels des Verfahrens gemäss Fig. 1;

Fig. 7

zeigt ein Flussdiagramm mit Schritten eines fünften Ausführungsbeispiels des Verfahrens gemäss Fig. 1; und

Fig. 8

zeigt ein Flussdiagramm mit Schritten eines sechsten Ausführungsbeispiels des Verfahrens gemäss Fig. 1.

Reference to the figures , embodiments of the invention will be explained in detail.

Fig. 1

shows a schematic representation of the method for operating an access control system;

Fig. 2

shows a schematic view of a part of a door fitting of an access control system according to Fig. 1 ;

Fig. 3

shows a flowchart with steps of a first embodiment of the method according to Fig. 1 ; and

Fig. 4

shows a flowchart with steps of a second embodiment of the method according to Fig. 1 ;

Fig. 5

shows a flowchart with steps of a third embodiment of the method according to Fig. 1 ;

Fig. 6

shows a flowchart with steps of a fourth embodiment of the method according to Fig. 1 ;

Fig. 7

shows a flowchart with steps of a fifth embodiment of the method according to Fig. 1 ; and

Fig. 8

shows a flowchart with steps of a sixth embodiment of the method according to Fig. 1 ,

Fig. 1 shows a schematic representation of the method for operating an access control system in a building. For the purposes of the present invention, the term building is to be interpreted broadly. A building has at least one secured area. The door 5 allows access to this secured area of the building. The secured area may be a room, a hallway, a staircase, a lift, a tract, a hall, a garage, an atrium, a garden, an apartment, an office, a surgery, a hotel room, a laboratory, a cell, etc be of the building.

The door 5 has according Fig. 1 at least one door leaf 51, at least one door fitting 1, at least one door frame 52 and at least one door sill 53. The door frame 52 is firmly and stably anchored in the masonry of the building. The door 5 can be opened and closed. Access to the secure area of the building takes place when the door 5 is open by exceeding the door threshold 52. When the door 5 is closed, there is no access to the secured area of the building.

The door fitting 1 has according Fig. 2 at least one door set 11 with at least one latch 16 and at least one latch 17. The door set 11 has an inner fitting and an outer fitting. Between the inner fitting and the outer fitting, the door fitting forms a cavity. The inner fitting is arranged on the side of the door 5 to the interior of the building or to the interior of the secured area of the building. Both on the inner fitting and the outer fitting a latch 17 may be arranged. The exterior fitting is on the side of the door 5 to the outside of the building or to the outside of the secured area of the building arranged. The door set 11 is at least partially resistant to protection against sabotage resistant and made of hardened stainless steel, spring steel, etc. manufactured. When the door 5 is closed, the latch 16 is latched into at least one strike plate 54 of the door frame 52. When the door 5 is open, the latch 16 is not locked in the strike plate 54 of the door frame 52. The latch 16 can be operated by pressing the pawl 17. Latch 16 and pawl 17 are non-positively coupled to each other via a coupling 15. The clutch 15 can be activated or deactivated by movement of at least one clutch lever. When activated clutch 15 actuation of the pawl 17 is transferred to the latch 16. When the clutch 15 is deactivated, no actuation of the pawl 17 is transmitted to the latch 16. In this case, latch 17 and latch 16 are decoupled and the closed door 5 can not be opened by operating the latch 17. At least one actuator 18 may move the clutch lever and activate or deactivate the clutch 15. The actuator 18 is, for example, an electric motor, which is supplied by at least one electrical power supply 19 with electric current and moves the clutch lever. The actuator 18 is driven by at least one access signal. In the absence of an access signal, the clutch 15 is deactivated, in the presence of an access signal, the clutch 15 is activated. The activation of the clutch 15 is advantageously limited in time to a few seconds, for example five seconds, etc., such that the actuator 18 automatically deactivates the clutch 15 at the end of this period. Such a short period of time is not mandatory. The person skilled in the art can, with knowledge of the present invention, also keep the clutch 15 activated for any desired length of time. The electrical power supply 19 is also arranged in the cavity of the door fitting 15 and consists of a battery or a rechargeable battery or a fuel cell or a solar cell with an energetic autonomy of one year, preferably two years. On the door fitting 1 can also at least one lamp such as a light emitting diode (LED), an organic light emitting diode

(OLED), etc. may be arranged. For example, a colorful LED is arranged, which can shine in different colors such as green, red, yellow, blue, etc. For example, several LEDs are arranged, which can shine in different colors such as green, red, yellow, blue, etc. On the door fitting 1 can also be arranged at least one speaker, who can spend at least one sound. The lighting of the lamp and / or the sound of the loudspeaker is / are perceptible by a person in the area of the door and can / at least represent a status information. For example, in the presence of an access signal, the light is activated to a green flashing; For example, in the presence of an interference signal, the light becomes a flashing red. For example, if an access signal is present, the loudspeaker is activated to a 500 Hz tone; For example, if an interference signal is present, the loudspeaker is activated to a 1000 Hz tone.

• Die Datenübermittlung 21 basiert beispielsweise auf einer kontaktlosen Datenübermittlung 21 wie Radio Frequency Identification Device (RFID gemäss ISO11785). Die Radiofrequenzen liegen beispielsweise in Bändern bei 125kHz, 13.6MHz, usw.. Der mobile Datenträger 2 ist ein RFID mit mindestens einer elektrischen Spule und mindestens einem computerlesbaren Datenspeicher, in dem mindestens ein Identifikationscode gespeichert ist. Das RFID weist keine eigene elektrische Stromversorgung auf. Das RFID hat beispielsweise die Form einer Kreditkarte oder ist in einem Schlüsselanhänger integriert. Die Antenne der Lesevorrichtung 10 sendet Radiofrequenzen aus. Die Reichweite der Antenne beträgt einige Zentimeter. Sobald das RFID in der Reichweite der Radiofrequenzverbindung 21 gelangt, wird das RFID über die elektrische Spule durch die Radiofrequenzen energetisch aktiviert und der im computerlesbaren Datenspeicher gespeicherte Identifikationscode des RFID über die elektrische Spule des RFID an die Antenne der Lesevorrichtung 10 gesendet.
• Die Datenübermittlung 21 basiert beispielsweise auf einer kontaktlosen Datenübermittlung 21 wie Bluetooth (IEEE802.15.1), ZigBee (IEEE802.15.4), WiFi(IEEE802.11), usw.. Die Radiofrequenzen liegen beispielsweise in Bändern bei 800 bis 900MHz, 1800 bis 1900MHz, 1.7 bis 2.7GHz, usw.. Die Reichweite der Antenne variiert von einigen Metern bei Bluetooth und ZigBee, bis zu einigen hundert Metern bei WiFi. Der mobile Datenträger 2 ist ein mobiles Gerät wie ein Mobiltelefon, Personal Digital Assistant (PDA), usw. mit mindestens einer Antenne, mindestens einem Prozessor, mindestens einem computerlesbaren Datenspeicher und einer eigenen elektrischen Stromversorgung. Die Antenne der Lesevorrichtung 10 sendet Radiofrequenzen mit Anfragesignalen aus. Sobald das mobile Gerät in der Reichweite der Radiofrequenzverbindung 21 gelangt und ein Anfragesignal der Lesevorrichtung 10 empfängt, sendet die Antenne des mobilen Geräts ein Antwortsignal an die Antenne der Lesevorrichtung 10. Der im computerlesbaren Datenspeicher des mobilen Geräts gespeicherte Identifikationscode wird über die Antenne des mobilen Geräts an die Antenne der Lesevorrichtung 10 gesendet.
• Die Datenübermittlung 21 kann aber auch auf einem kontaktbehafteten Einlesen eines Magnetstreifens und/oder eines elektronischen Datenspeichers basieren. In diesem Fall ist der mobile Datenträger 2 eine Karte mit einem Magnetstreifen und/oder einem elektronischen Datenspeicher. Der Magnetstreifen und/oder der elektronische Datenspeicher wird von einem magnetischen Durchzugleser oder einem elektronischen Durchzugleser der Lesevorrichtung 10 gelesen.
• Auch kann die Datenübermittlung 21 auf dem Lesen eines biometrischen Signals durch einen biometrischen Sensor basieren. In diesem Fall ist der mobile Datenträger 2 eine Fingerkuppe einer
  Person, eine Hand einer Person, ein Gesicht einer Person, eine Iris einer Person, ein Körper einer Person, ein Geruch einer Person, usw., der von einem biometrischen Sensor der Lesevorrichtung 10 als Fingerabdruck, Handgeometrie, Gesichtsprofil, Irisprofil, Netzhautscan, Thermogramm, Geruch, Gewicht, Stimme, Unterschrift, usw. gelesen wird.
  Mindestens eine Sende- und Empfangseinheit 12, mindestens ein Prozessor 13 und mindestens ein computerlesbarer Datenspeicher 14 sind in der Türgarnitur 11 angeordnet und werden von der elektrischen Stromversorgung 17 mit elektrischem Strom versorgt. Die Sende- und Empfangseinheit 12 realisiert mindestens eine netzwerkgestützte kommunikative Verbindung 41 zwischen dem Türbeschlag 1 und mindestens einer Zentralrechnereinheit 4. Die Sende- und Empfangseinheit 12, der Prozessor 13 und der computerlesbare Datenspeicher 14 sind auf mindestens einer Platine angeordnet und über mindestens eine Signalleitung miteinander verbunden. Aus dem computerlesbaren Datenspeicher 14 wird mindestens ein Computerprogramm-Mittel in den Prozessor 13 geladen und ausgeführt. Das Computerprogramm-Mittel steuert die Kommunikation zwischen der Sende- und Empfangseinheit 12, dem Prozessor 13 und dem computerlesbare Datenspeicher 14. Das Computerprogramm-Mittel steuert auch die kommunikative Verbindung 41.
  Mindestens eine Zentralrechnereinheit 4 weist mindestens eine Sende- und Empfangseinheit 42, mindestens einen Prozessor 43 und mindestens einen computerlesbaren Datenspeicher 44 auf. Die Sende- und Empfangseinheit 42 realisiert mindestens eine netzwerkgestützte kommunikative Verbindung 41 zwischen der Zentralrechnereinheit 4 und mindestens einem Türbeschlag 1 und/oder mindestens eine netzwerkgestützte kommunikative Verbindung 31, 31' zwischen der Zentralrechnereinheit 4 und mindestens einer Rechnereinheit 3. Aus dem computerlesbaren Datenspeicher 44 wird mindestens ein Computerprogramm-Mittel in den Prozessor 43 geladen und ausgeführt. Das Computerprogramm-Mittel steuert die Kommunikation zwischen der Sende- und Empfangseinheit 42, dem Prozessor 43 und dem computerlesbare Datenspeicher 44. Das Computerprogramm-Mittel steuert auch die kommunikative Verbindung 31, 31', 41, 41'. Die Zentralrechnereinheit 4 kann ein Mikrocomputer wie eine Workstation, Personal Computer (PC), usw. sein. Die Zentralrechnereinheit 4 kann aus einem hierarchischen Verbund mehrerer Mikrocomputer bestehen. Die Zentralrechnereinheit 4 kann im Gebäude und/oder entfernt vom Gebäude angeordnet sein. In einer Ausführungsform können der Prozessor 43 und ein erster computerlesbarer Datenspeicher 44 in einer Zentrale zur Wartung des Zutrittkontrollsystems angeordnet sein, während ein weiterer computerlesbarer Datenspeicher 44 im Gebäude des Zutrittkontrollsystems angeordnet ist.
  Mindestens eine Rechnereinheit 3 weist mindestens eine Sende- und Empfangseinheit 32, mindestens einen Prozessor 33 und mindestens einen computerlesbaren Datenspeicher 34 auf. Die Sende- und Empfangseinheit 32 realisiert mindestens eine netzwerkgestützte kommunikative Verbindung 41, 41' zwischen der Rechnereinheit 3 und mindestens einer Zentralrechnereinheit 4. Aus dem computerlesbaren Datenspeicher 34 wird mindestens ein Computerprogramm-Mittel in den Prozessor 33 geladen und ausgeführt. Das Computerprogramm-Mittel steuert die Kommunikation zwischen der Sende- und Empfangseinheit 32, dem Prozessor 33 und dem computerlesbare Datenspeicher 34. Die Rechnereinheit 3 kann ein mobiler Mikrocomputer wie ein PC, Notebook, Netbook, Mobiltelefon, PDA, usw. sein. Das Computerprogramm-Mittel steuert auch die kommunikative Verbindung 41. Von der Rechnereinheit 3 aus kann somit über ein Computerprogramm-Mittel eine netzwerkgestützte kommunikative Verbindung 41, 41' zwischen der Rechnereinheit 3 und der Zentralrechnereinheit 4 aufgebaut, aufrechterhalten und wieder beendet werden. Das Computerprogramm-Mittel kann ein Computerprogramm zum Betrachten von computergestützten Seiten des World Wide Web sein. Solche Webbrowser sind unter den Namen Internet Explorer, Firefox, Opera, usw. bekannt. Die Rechnereinheit 3 kann im Gebäude und/oder entfernt vom Gebäude angeordnet sein.
  Mindestens eine Gebäuderechnereinheit 6 weist mindestens eine Sende- und Empfangseinheit 62, mindestens einen Prozessor 63 und mindestens einen computerlesbaren Datenspeicher 64 auf. Die Sende- und Empfangseinheit 62 realisiert mindestens eine netzwerkgestützte kommunikative Verbindung 61, 61' zwischen der Gebäuderechnereinheit 6 und der Zentralrechnereinheit 4. Aus dem computerlesbaren Datenspeicher 64 wird mindestens ein Computerprogramm-Mittel in den Prozessor 63 geladen und ausgeführt. Das Computerprogramm-Mittel steuert die Kommunikation zwischen der Sende- und Empfangseinheit 62, dem Prozessor 63 und dem computerlesbare Datenspeicher 64. Das Computerprogramm-Mittel steuert auch die kommunikative Verbindung 61, 61'. Die Gebäuderechnereinheit 6 kann ein Mikrocomputer wie eine Workstation, Personal Computer (PC), usw. sein. Die Gebäuderechnereinheit 6 kann aus einem hierarchischen Verbund mehrerer Mikrocomputer bestehen. Die Gebäuderechnereinheit 6 kann im Gebäude und/oder entfernt vom Gebäude angeordnet sein.

At least one reading device 10 is arranged in the door set 11 and is supplied by the electric power supply 17 with electric current. The reading device 10 has at least one antenna for radio frequencies, a magnetic pass-through reader, an electronic pass-through reader, a biometric sensor, etc. for a data transmission 21 from at least one mobile data carrier 2. Exemplary embodiments of the mobile data carrier 2 are explained below:

• The data transmission 21 is based for example on a contactless data transmission 21 such as Radio Frequency Identification Device ( RFID according to ISO11785). The radio frequencies are, for example, in bands at 125 kHz, 13.6 MHz, etc. The mobile data carrier 2 is an RFID with at least one electrical coil and at least one computer-readable data memory in which at least one identification code is stored. The RFID does not have its own electrical power supply. The RFID has the form of a credit card, for example, or is integrated in a key fob. The antenna of the reading device 10 emits radio frequencies. The range of the antenna is a few centimeters. Once the RFID in the Range reaches the radio frequency connection 21, the RFID is energetically activated via the electric coil by the radio frequencies and sent the stored in the computer-readable data memory identification code of the RFID via the electrical coil of the RFID to the antenna of the reading device 10.
• The data transmission 21 is based, for example, on a contactless data transmission 21 such as Bluetooth (IEEE802.15.1), ZigBee (IEEE802.15.4), WiFi (IEEE802.11), etc. The radio frequencies are for example in bands at 800 to 900 MHz, 1800 to 1900 MHz. 1.7 to 2.7GHz, etc. The range of the antenna varies from a few meters for Bluetooth and ZigBee, up to several hundred meters for WiFi. The mobile data carrier 2 is a mobile device such as a mobile telephone, personal digital assistant (PDA), etc. with at least one antenna, at least one processor, at least one computer-readable data memory and its own electrical power supply. The antenna of the reading device 10 transmits radio frequencies with request signals. Once the mobile device comes within range of the radio frequency link 21 and receives a request signal from the reader 10, the antenna of the mobile device sends a response signal to the antenna of the reader 10. The identification code stored in the computer readable data memory of the mobile device is transmitted through the antenna of the mobile device sent to the antenna of the reading device 10.
• The data transmission 21 can, however, also be based on a contact-type read-in of a magnetic stripe and / or an electronic data memory . In this case, the mobile data carrier 2 is a card with a magnetic stripe and / or an electronic data memory. The magnetic stripe and / or the electronic data memory is read by a magnetic pass-through reader or an electronic pass-through reader of the reading device 10.
• Also, the data communication 21 may be based on reading a biometric signal by a biometric sensor. In this case, the mobile data carrier 2 is a fingertip of a
  Person, a person's hand, a person's face, an individual's iris, a person's body, a person's smell, etc., from a reader 10 biometric sensor as a fingerprint, hand geometry, face profile, iris profile, retinal scan, thermogram , Smell, weight, voice, signature, etc. is read.
  At least one transmitting and receiving unit 12, at least one processor 13 and at least one computer-readable data memory 14 are arranged in the door set 11 and are supplied by the electrical power supply 17 with electric current. The transmitting and receiving unit 12 implements at least one network-supported communicative connection 41 between the door fitting 1 and at least one central computer unit 4. The transmitting and receiving unit 12, the processor 13 and the computer-readable data memory 14 are arranged on at least one circuit board and via at least one signal line with each other connected. From the computer-readable data memory 14 at least one computer program means is loaded into the processor 13 and executed. The computer program means controls the communication between the transmitting and receiving unit 12, the processor 13 and the computer readable data memory 14. The computer program means also controls the communicative connection 41.
  At least one central computer unit 4 has at least one transmitting and receiving unit 42, at least one processor 43 and at least one computer-readable data memory 44. The transmitting and receiving unit 42 implements at least one network-based communicative connection 41 between the central computer unit 4 and at least one door fitting 1 and / or at least one network-based communicative connection 31, 31 'between the central computer unit 4 and at least one computer unit 3. From the computer-readable data memory 44 at least one computer program means is loaded into the processor 43 and executed. The computer program means controls the communication between the transmitting and receiving unit 42, the processor 43 and the computer readable data memory 44. The computer program means also controls the communicative connection 31, 31 ', 41, 41'. The central processing unit 4 may be a microcomputer such as a workstation, personal computer (PC), etc. The central computer unit 4 may consist of a hierarchical network of several microcomputers. The central computer unit 4 may be located in the building and / or away from the building. In one embodiment, the processor 43 and a first computer-readable data memory 44 may be located in a central office for the maintenance of the access control system, while another computer-readable data memory 44 is located in the building of the access control system.
  At least one computer unit 3 has at least one transmitting and receiving unit 32, at least one processor 33 and at least one computer-readable data memory 34. The transmitting and receiving unit 32 realizes at least one network-based communicative connection 41, 41 'between the computer unit 3 and at least one central computer unit 4. At least one computer program means is loaded and executed in the processor 33 from the computer-readable data memory 34. The computer program means controls the communication between the transmitting and receiving unit 32, the processor 33 and the computer readable data memory 34. The computer unit 3 may be a mobile microcomputer such as a PC, notebook, netbook, mobile phone, PDA, etc. The computer program means also controls the communicative connection 41. From the computer unit 3, a network-based communicative connection 41, 41 'can thus be set up, maintained and terminated again by the computer unit. The computer program means may be a computer program for viewing computer-aided pages of the World Wide Web. Such web browsers are known as Internet Explorer, Firefox, Opera, and so on. The computer unit 3 may be located in the building and / or away from the building.
  At least one building computer unit 6 has at least one transmitting and receiving unit 62, at least one processor 63 and at least one computer-readable data memory 64 . The Transmitting and receiving unit 62 realizes at least one network-based communicative connection 61, 61 'between the building computer unit 6 and the central computer unit 4. At least one computer program means is loaded and executed from the computer-readable data memory 64 into the processor 63. The computer program means controls the communication between the transmitting and receiving unit 62, the processor 63 and the computer readable data memory 64. The computer program means also controls the communicative connection 61, 61 '. The building computer unit 6 may be a microcomputer such as a workstation, personal computer (PC), etc. The building computer unit 6 can consist of a hierarchical combination of several microcomputers. The building computer unit 6 may be located in the building and / or away from the building.

• Die kommunikativen Verbindung 31, 31', 41, 41', 61, 61' kann ein Netzwerk wie Ethernet, ARCNET, usw. mit mindestens einer elektrischen- bzw. optischen Signalleitung sein. Das Netzwerk erlaubt eine bidirektionale Kommunikation gemäss bekannten und bewährten Netzwerk-Protokollen wie das Transmission Control Protocol / Internet-Protocol (TCP/IP), Hypertext Transfer Protocol (HTML), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), Internet Packet Exchange (IPX), usw.. Die Teilnehmer im Netzwerk sind über Netzwerkadressen eindeutig adressierbar. Zur Erhöhung der Sicherheit bei der kommunikative Verbindung 31, 31', 41, 41', 61, 61' erfolgt die Übermittlung von sicherheitsrelevanten Daten in verschlüsselter Form über eine verschlüsselte kommunikative Verbindung 31', 41', 61'. Bekannte Verschlüsselungsprotokolle sind das Secure Sockets Layer (SSL), Secure Multipurpose Internet Mail Extensions (S/MIME), usw.. Das Verschlüsselungsprotokoll ist im Open Systems Interconnection (OSI) Referenzmodell oberhalb der TCP Transportschicht und unterhalb von Anwendungsprogrammen wie HTML oder SMTP platziert. Mit 31, 41, 61 wird eine unverschlüsselte kommunikative Verbindung bezeichnet.
• Die kommunikative Verbindung 31, 41, 61 kann ein Telefon-Funknetz wie Global Systems for Mobile Communications (GSM), General Radio Packet Services (GPRS), Enhanced Data Rate for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), High Speed Download Packet Access (HSDPA), usw. sein. Die vom Telefon-Funknetz verwendeten Frequenzen liegen bei GSM und GPRS in Bändern bei 800 bis 900MHz und 1800 bis 1900MHz, sowie bei UMTS und HSDPA bei 700 bis 900MHz und 1.7 bis 2.7GHz.
• Die kommunikative Verbindung 31, 41, 61 kann ein Telefon-Festnetz wie Public Switched Telecommunication Network (PSTN) sein. Das Telefon-Festnetz kann analog und/oder digital ausgestaltet sein. Bei einem analogen Telefon-Festnetz werden analoge Tonsignale übermittelt. Die Bandbreite ist dabei auf den Frequenzbereich von 300 bis 3400Hz begrenzt. Neben einem Sprachsignal werden weitere Signale wie ein Wählsignal, ein Rufsignal, usw. übermittelt. Ein digitales Telefon-Festnetz ist als Integrated Services Digital Network (ISDN), Asymetric Digital Subscriber Line (ADSL), Very High Data Rate Digital Subscriber Line (VDSL), usw. bekannt. Beim ADSL wird ein wesentlich grösserer Frequenzbereich von 200Hz bis 1.1MHz ausgenutzt.

Exemplary embodiments of the communicative connection 31, 31 ', 41, 41', 61, 61 'are explained below:

• The communicative connection 31, 31 ', 41, 41', 61, 61 'may be a network such as Ethernet, ARCNET, etc. with at least one electrical or optical signal line. The network allows bidirectional communication according to well-known and proven network protocols such as Transmission Control Protocol / Internet Protocol (TCP / IP), Hypertext Transfer Protocol (HTML), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) , Internet Packet Exchange (IPX), etc. The network subscribers are uniquely addressable via network addresses. In order to increase security in the communicative connection 31, 31 ', 41, 41', 61, 61 ', the transmission of security-relevant data takes place in encrypted form via an encrypted communicative connection 31', 41 ', 61'. Known encryption protocols are Secure Sockets Layer (SSL), Secure Multipurpose Internet Mail Extensions (S / MIME), etc. The encryption protocol is placed in the Open Systems Interconnection (OSI) reference model above the TCP transport layer and below application programs such as HTML or SMTP. 31, 41, 61 denotes an unencrypted communicative connection.
• The communicative link 31, 41, 61 may be a telephone radio network such as Global Systems for Mobile Communications (GSM), General Radio Packet Services (GPRS), Enhanced Data Rate for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), High Speed Download Packet Access (HSDPA), etc. The frequencies used by the telephone radio network are in bands of 800 to 900MHz and 1800 to 1900MHz for GSM and GPRS, and 700 to 900MHz and 1.7 to 2.7GHz for UMTS and HSDPA.
• The communicative connection 31, 41, 61 may be a telephone landline such as Public Switched Telecommunication Network (PSTN). The telephone landline can be designed analog and / or digital. In an analog telephone landline analog audio signals are transmitted. The bandwidth is limited to the frequency range of 300 to 3400Hz. In addition to a voice signal further signals such as a dial signal, a call signal, etc. are transmitted. A fixed digital telephone network is known as Integrated Services Digital Network (ISDN), Asymmetric Digital Subscriber Line (ADSL), Very High Data Rate Digital Subscriber Line (VDSL), and so on. With ADSL a much larger frequency range from 200Hz to 1.1MHz is used.

With knowledge of the present invention, the person skilled in the art can also realize the communicative connection 31, 41, 61 in encrypted form via a telephone radio network and / or a telephone landline network.

• Mit Entität wird mindestens eine Person und/oder sachlicher Gegenstand bezeichnet, welche Entität für diesen Identifikationscode Zutritt zu diesem gesicherten Bereich des Gebäudes hat. Die Person kann ein Mensch oder ein Tier sein. Der sachliche Gegenstand kann ein Fahrzeug, eine Pallette, ein Container, ein Roboter, usw. sein.
• Mit Name und Vorname werden der Name und Vorname der Entität bezeichnet. Bei einer Person werden der Name und der Vorname der Person angegeben, wie sie in offiziellen Dokumenten wie einem Personalausweis, Reiseausweis, usw. dieser Person angegeben sind.
• Der Identifikationscode besteht beispielsweise aus mindestens einer Ziffernfolge, die verschlüsselt oder unverschlüsselt sein kann, mit der sich die Entität identifizieren muss, um Zutritt zu diesem gesicherten Bereich des Gebäudes zu erhalten. Die Ziffernfolge kann numerisch, alphanumerisch, usw. sein. Der Identifikationscode kann auch mindestens eine eigenständige Datei sein, die verschlüsselt oder unverschlüsselt sein kann. Der Identifikationscode kann auch mindestens ein biometrisches Signal der Entität sein, das als eigenständige Datei verschlüsselt oder unverschlüsselt sein kann.
• Mit Leserecht wird eine Berechtigung der Entität verstanden, den Inhalt des Bereichsprofils zu lesen. Mit Schreibrecht wird eine Berechtigung der Entität verstanden, den Inhalt des Bereichsprofils zu lesen und zu verändern.
• Mit Historie werden gespeicherte Zutritte und/oder Austritte der Entität zu diesem gesicherten Bereich des Gebäudes bezeichnet. Beispielsweise umfasst die Historie das Datum und die Uhrzeit eines jeden Zutritts zu diesem gesicherten Bereich des Gebäudes sowie das Datum und die Uhrzeit eines jeden Austritts aus diesem gesicherten Bereich des Gebäudes.
• Mit Zeitzone wird eine zeitliche Begrenzung des Zutritts der Entität zu diesem gesicherten Bereich des Gebäudes bezeichnet. Die Zeitzone kann nur bestimmte Stunden einer Woche umfassen, beispielsweise für eine Entität die diesen gesicherten Bereich des Gebäudes Wochentags zwischen 20Uhr und 21Uhr reinigen soll. Die Zeitzone kann aber auch unbegrenzt sein, beispielsweise für eine Person, die in diesen gesicherten Bereich des Gebäudes permanent wohnt. Eine Zeitzone kann sich beliebig oft wiederholen, sie kann aber auch nur einmal dauern. Beispielsweise übernachtet eine Person eine einzige Nacht in einem Hotelzimmer als gesicherten Bereich des Gebäudes. Für diese Person beginnt die Zeitzone dann um zwölf Uhr mittags des ersten Tags und dauert ganze Nacht durch bis elf Uhr mittags des darauffolgenden Tages.
• Mit Gültigkeit wird angegeben, ob der Identifikationscode zu diesem gesicherten Bereich des Gebäudes zum jetzigen Zeitpunkt gültig ist. Falls ein Identifikationscode zu einem früheren Zeitpunkt gültig gewesen ist und zum jetzigen Zeitpunkt ungültig ist, kann diese frühere Gültigkeit mit einem Datum und einer Uhrzeit dieser Veränderung versehen sein.

The access control system operates access to a secured area of the building over at least one area profile. The area profile is, for example, a computer-readable file and can be stored at least partially in a computer-readable data memory 14 of the door fitting 1 and / or in a computer-readable data memory 44 of the central computer unit 4. An area profile refers to a secured area of the building and includes at least one entity and for this entity includes the area profile various information such as name, first name, identification code, read, write, history, time zone, validity, etc.

• Entity means at least one person and / or factual object which entity has access to that secured area of the building for that identification code. The person can be a human or an animal. The subject matter may be a vehicle, a pallet, a container, a robot, etc.
• Name and first name are the name and first name of the entity. For a person, the name and first name of the person as given in official documents such as a personal ID card, travel document, etc. of that person are given.
• The identification code consists, for example, of at least one sequence of numbers, which may be encrypted or unencrypted, with which the entity must identify itself in order to gain access to this secure area of the building. The digit string can be numeric, alphanumeric, and so on. The identification code can also be at least one stand-alone file, which can be encrypted or unencrypted. The identification code may also be at least one biometric signal of the entity, which may be encrypted or unencrypted as a stand-alone file.
• Read permission is understood to mean permission of the entity to read the contents of the scope profile. With write permission, an authorization of the entity is understood to read and change the content of the area profile.
• History refers to stored entrances and / or exits of the entity to this secure area of the building. For example, the history includes the date and time of each access to that secured area of the building as well as the date and time of each exit from that secured area of the building.
• Time zone refers to a time limit of access of the entity to this secure area of the building. The time zone may only include certain hours of a week, for example, for an entity to clean that secured area of the building on weekdays between 8pm and 9pm. The time zone can also be unlimited, for example, for a person who permanently lives in this secure area of the building. A time zone can be repeated as often as you like, but it can only take one time. For example, a person sleeps a single night in a hotel room as a secured area of the building. For this person, the time zone then starts at noon on the first day and lasts all night through until eleven o'clock in the afternoon of the following day.
• It is valid whether the identification code for this secured area of the building is valid at the present time. If an identification code has been valid at an earlier date and is invalid at the present time, this earlier validity may be provided with a date and time of this change.

• Der gesicherte Bereich des Gebäudes besteht beispielsweise aus mehreren Büros einer Firma, in denen wochentags mehrere Personen arbeiten. Für die Büros dieser Firma existieren mehrere Bereichsprofile, mit einem Bereichsprofil für jedes Büro. Wenn nun eine dieser Personen die Tätigkeit wechselt und nicht mehr im alten Büro, sondern in einem neuen Büro der Firma arbeitet, so müssen die Bereichsprofile für dieses alte Büro und für dieses neue Büro verändert werden. Im Bereichsprofil für das alte Büro werden entweder die Angaben zur Entität, zum Namen, zum Vornamen dieser Person entfernt oder im Bereichsprofil für das alte Büro wird die Angabe Gültigkeit für diese Person auf ungültig gesetzt oder im Bereichsprofil für das alte Büro wird die Angabe Zeitzone auf Null gesetzt, d.h. Zutritt wird zu keiner Zeit gewährt. Im Bereichsprofil für das neue Büro werden die Angaben zur Entität, zum Namen, zum Vornamen, zum Identifikationscode und zur Zeitzone für diese Person aufgenommen. Die Person hat weder ein Leserecht noch ein Schreibrecht am Bereichsprofil für das neue Büro.
• Der gesicherte Bereich des Gebäudes besteht beispielsweise aus einer Wohnung, in der eine Familie mit mehreren Personen permanent wohnt. Das Bereichsprofil für diese Wohnung umfasst nur Angaben zu den Personen der Familie. Wenn nun die Familie in die Ferien geht und die Wohnung für zwei Wochen verlässt, und der Nachbar in diesen zwei Wochen die Blumen in der Wohnung giessen soll, so muss das Bereichsprofil für diese Wohnung verändert werden. Im Bereichsprofil für diese Wohnung wird eine neue Entität für den Nachbarn aufgenommen, mit Angaben zum Namen, zum Vornamen, zum Identifikationscode und zur Zeitzone. Der Nachbar hat weder ein Leserecht noch ein Schreibrecht. Die Zeitzone beträgt zwei Wochen, solange wie die Ferien dauern.

During operation of the access control system, the information in the area profile is maintained . Exemplary embodiments are explained below:

• The secured area of the building consists, for example, of several offices of a company in which several people work weekdays. There are several area profiles for the offices of this company, with an area profile for each office. Now, if one of these people changes jobs and is no longer working in the old office, but in a new office of the company, the area profiles for this old office and for this new office have to be changed. The Old Office section profile either removes the person's name, first name, or first name, or the old office's section profile sets Invalid for that person, or Time Zone in the Old Office section profile Zero set, ie access is never at any time granted. The profile profile for the new office will include the entity, name, first name, identification code and time zone information for that person. The person has neither a read right nor a write right to the area profile for the new office.
• The secured area of the building consists, for example, of an apartment in which a family with several persons lives permanently. The area profile for this apartment includes only information about the persons of the family. If now the family goes on holiday and leaves the apartment for two weeks, and the neighbor in these two weeks to pour the flowers in the apartment, so the area profile for this apartment must be changed. In the area profile for this apartment, a new entity is added for the neighbor, with name, first name, identification code and time zone. The neighbor has neither a read right nor a write right. The time zone is two weeks as long as the holidays last.

To maintain an area profile, at least one authorization code is transmitted from the computer unit 3 to the central computer unit 4. Like the identification code, the authorization code consists of at least one number of digits that can be encrypted or unencrypted. The digit string can be numeric, alphanumeric, and so on. Also, the authorization code may be at least one stand-alone file that is encrypted or unencrypted. The authorization code may also be at least one entity biometric signal that may be encrypted or unencrypted as a stand-alone file. The authorization code can be identical to the identification code. The authorization code can be an address, for example a postal address (e-mail address) for a communication according to SMTP, IMAP, etc.

It is checked if the submitted authorization code matches a valid authorization code for an area profile. Each section profile is linked to a valid authorization code. The valid authorization code can be stored in the central computer unit 4 or in the building computer unit 6. The check can be carried out by the central computer unit 4 and / or the building computer unit 6. In an advantageous embodiment of the method, the transmitted authorization code is transmitted from the central computer unit 4 via a communicative connection 61, 61 'to the building computer unit 6, which building computer unit 6 checks the transmitted authorization code and, upon successful verification, transmits an authorization signal via a communicative connection 61, 61' the central computer unit 4 transmitted.

Upon successful verification of the transmitted authorization code, the central computer unit 4 releases write and read rights for the area profile, which is linked to the transmitted authorization code, to the computer unit 3 transmitting the authorization code. If the verification of the transmitted authorization code has been carried out by the building computer unit 6, the central computer unit 4 releases write and read rights for an area profile only after transmission of a corresponding authorization signal. For a released area profile, a release signal is transmitted to the computer unit 3 by the central computer unit 4 via the communicative connection 31, 31 '. From the computer unit 3, the shared area profile is changed via the communicative connection 31, 31 '. For this purpose, the computer unit 3 transmits at least one change signal via the communicative connection 31, 31 'to the central computer unit 4, which central computer unit 4 converts a change of the area profile for a received change signal. The change of the range profile may include deleting, adding, modifying an indication of the range profile such as name, first name, identification code, read right, write right, history, time zone, validity, etc.

• In einem Schritt S1 wird gemäss Fig. 3 ein Bereichsprofil T1 mit einem gültigen Identifikationscode T2' in der Zentralrechnereinheit 4 gespeichert und liegt dort vor.
• In einem Schritt S1 wird gemäss Fig. 4 und 5 ein Bereichsprofil T1 mit einem gültigen Identifikationscode T2' von der Zentralrechnereinheit 4 über eine kommunikative Verbindung 41, 41' an eine Netzwerkadresse des Türbeschlags 1 übermittelt, der Zutritt zu dem gesicherten Bereich gewährt, auf den sich das Bereichsprofil 1 bezieht. Der Schritt S1 kann bei Bedarf erfolgen, beispielsweise in regelmässigen Zeitabständen wie wöchenbtlich, monatlich, usw. und/oder bei erfolgter Veränderung des Bereichsprofils 1 des durch den Türbeschlag 1 gesicherten Bereichs. Die kommunikative Verbindung 41, 41' kann permanent aufrecht erhalten werden oder sie kann nur für die Belange der Übermittlung des Bereichsprofils T1 aufgebaut werden.
• In einem Schritt S2 wird gemäss Fig. 3 bis 5 ein Identifikationscode T2 eines mobilen Datenträgers 2 von einer Lesevorrichtung 10 des Türbeschlags 1 per Datenübermittlung 21 eingelesen.
• In einem Schritt S3 wird gemäss Fig. 3 ein eingelesener Identifikationscode T2 vom Türbeschlag 1 über eine kommunikative Verbindung 41, 41' an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt.
• Gemäss Fig. 3 wird der eingelesene Identifikationscode T2 von der Zentralrechnereinheit 4 über die kommunikative Verbindung 41, 41' empfangen. Gemäss Fig. 4 und 5 liegt der eingelesene Identifikationscode T2 im Türbeschlag 1 vor. In einem Schritt S4 wird gemäss Fig. 3 von der Zentralrechnereinheit 4 überprüft, ob der eingelesene Identifikationscode T2 mit einem gültigen Identifikationscode T2' für den durch den Türbeschlag 1 gesicherten Bereich übereinstimmt, welcher gültige Identifikationscode im Bereichsprofil T1 gespeichert ist. Wenn der eingelesene Identifikationscode T2 mit dem gültigen Identifikationscode T2' übereinstimmt, wird von der Zentralrechnereinheit 4 ein Zutrittssignal T4 erzeugt und über eine kommunikative Verbindung 41, 41' an die Netzwerkadresse des Türbeschlags 1 übermittelt, der den Identifikationscode T2 eingelesen und an die Zentralrechnereinheit 4 übermittelt hat. Wenn der eingelesene Identifikationscode T2 mit dem gültigen Identifikationscode T2' nicht übereinstimmt, wird von der Zentralrechnereinheit 4 ein Sperrsignal T4' erzeugt und über eine kommunikative Verbindung 41, 41' an die Netzwerkadresse des Türbeschlags 1 übermittelt, der den Identifikationscode T2 eingelesen und an die Zentralrechnereinheit 4 übermittelt hat.
• In einem Schritt S4 wird gemäss Fig. 4 und 5 vom Türbeschlag 1 überprüft, ob der eingelesene Identifikationscode T2 mit einem gültigen Identifikationscode T2' für den durch den Türbeschlag 1 gesicherten Bereich übereinstimmt, welcher gültige Identifikationscode T2' im Bereichsprofil T1 gespeichert ist. Wenn der eingelesene Identifikationscode T2 mit dem gültigen Identifikationscode T2' übereinstimmt, wird vom Türbeschlag 1 ein Zutrittssignal T4 erzeugt. Wenn der eingelesene Identifikationscode T2 mit dem gültigen Identifikationscode T2' nicht übereinstimmt, wird vom Türbeschlag 1 ein Sperrsignal T4' erzeugt. Gemäss Fig. 5 wird ein eingelesener Identifikationscode T2 und das für diesen ein eingelesenen Identifikationscode T2 erzeugte Sperrsignal T4' vom Türbeschlag 1 über eine kommunikative Verbindung 41, 41' an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt.
• Gemäss Fig. 5 werden ein eingelesener Identifikationscode T2 und ein für diesen Identifikationscode T2 erzeugtes Sperrsignal T4' von der Zentralrechnereinheit 4 über die kommunikative Verbindung 41, 41' empfangen. In einem Schritt S4' wird gemäss Fig. 5 von der Zentralrechnereinheit 4 überprüft, ob der eingelesene Identifikationscode T2 mit einem gültigen Identifikationscode T2' für den durch den Türbeschlag 1 gesicherten Bereich übereinstimmt, welcher gültige Identifikationscode T2' im Bereichsprofil T1 gespeichert ist. Wenn der eingelesene Identifikationscode T2 mit dem gültigen Identifikationscode T2' übereinstimmt, wird von der Zentralrechnereinheit 4 ein Zutrittssignal T4" erzeugt. Gemäss Fig. 5 werden ein eingelesener Identifikationscode T2 und das für diesen eingelesenen Identifikationscode T2 erzeugte Zutrittssignal T4" von der Zentralrechnereinheit 4 über eine kommunikative Verbindung 41, 41' an die Netzwerkadresse des Türbeschlags 1 übermittelt, der den Identifikationscode T2 eingelesen und an die Zentralrechnereinheit 4 übermittelt hat. Wenn der eingelesene Identifikationscode T2 mit dem gültigen Identifikationscode T2' nicht übereinstimmt, wird von der Zentralrechnereinheit 4 ein Sperrsignal T4"' erzeugt. Gemäss Fig. 5 werden ein eingelesener Identifikationscode T2 und das für diesen eingelesenen Identifikationscode T2 erzeugte Sperrsignal T4"' von der Zentralrechnereinheit 4 über eine kommunikative Verbindung 41, 41' an die Netzwerkadresse des Türbeschlags 1 übermittelt, der den Identifikationscode T2 eingelesen und an die Zentralrechnereinheit 4 übermittelt hat.
• Gemäss Fig. 3 wird ein Zutrittssignal T4 vom Türbeschlag 1 über die kommunikative Verbindung 41, 41' empfangen. Gemäss Fig. 4 liegt ein Zutrittssignal T4 im Türbeschlag 1 vor. Gemäss Fig. 5 werden ein eingelesener Identifikationscode T2 und ein für diesen eingelesenen Identifikationscode T2 erzeugtes Zutrittssignal T4" vom Türbeschlag 1 über die kommunikative Verbindung 41, 41' empfangen. In einem Schritt S5 wird gemäss Fig. 3 bis 5 vom Türbeschlag 1 für ein vorliegendes Zutrittssignal T4 Zutritt zu dem vom Türbeschlag 1 gesicherten Bereich gewährt und/oder eine Zutrittsinformation beispielsweise in Form einer aktivierten Leuchte und/oder eines aktivierten Lautsprechers des Türbeschlags 1 ausgegeben.
• Gemäss Fig. 3 wird ein Sperrsignal T4' vom Türbeschlag 1 über die kommunikative Verbindung 41, 41' empfangen. Gemäss Fig. 4 liegt ein Sperrsignal T4' im Türbeschlag 1 vor. Gemäss Fig. 5 werden ein eingelesener Identifikationscode T2 und ein für diesen eingelesenen Identifikationscode T2 erzeugtes Sperrsignal T4"' vom Türbeschlag 1 über die kommunikative Verbindung 41, 41' empfangen. In einem Schritt S5' wird gemäss Fig. 3 bis 5 vom Türbeschlag 1 für ein vorliegendes Sperrsignal T4', T4"' kein Zutritt zu dem vom Türbeschlag 1 gesicherten Bereich gewährt und/oder eine Sperrinformation beispielsweise in Form einer aktivierten Leuchte und/oder eines aktivierten Lautsprechers des Türbeschlags 1 ausgegeben.
• In einem Schritt S11 wird gemäss Fig. 6 und 7 eine Wartung eines Bereichsprofils initiiert, in dem von der Rechnereinheit 3 über eine kommunikative Verbindung 31 eine Wartungsanfrage eines Bereichsprofils T1 an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt wird.
• Gemäss Fig. 6 und 7 werden die Wartungsanfrage, das Bereichsprofil T1 und die Netzwerkadresse der Rechnereinheit 3 von der Zentralrechnereinheit 4 über die kommunikative Verbindung 31 empfangen. In einem Schritt S12 überprüft gemäss Fig. 6 und 7 die Zentralrechnereinheit 4, ob das Bereichsprofil T1 im Zutrittskontrollsystem existiert. Wenn das Bereichsprofil T1 im Zutrittskontrollsystem existiert, wird von der Zentralrechnereinheit 4 über die kommunikative Verbindung 31 eine Postadresse-Anfrage T12 an die Netzwerkadresse der Rechnereinheit 3 übermittelt. Wenn das Bereichsprofil T1 im Zutrittskontrollsystem nicht existiert, wird von der Zentralrechnereinheit 4 über die kommunikative Verbindung 31 eine Anfragewiederholungs-Anfrage T12' an die Netzwerkadresse der Rechnereinheit 3 übermittelt.
• Gemäss Fig. 6 und 7 wird die Postadresse-Anfrage T12 von der Rechnereinheit 3 über die kommunikative Verbindung 31 empfangen. In einem Schritt S13 wird gemäss Fig. 6 und 7 von der Rechnereinheit 3 über eine kommunikative Verbindung 31' eine Postadresse T13 der Rechnereinheit 3 an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt. Die Übermittlung der Postadresse T3 erfolgt über eine verschlüsselte kommunikative Verbindung 31', die über einen elektronischen Verweis (Hyperlink) von der Rechnereinheit 3 aus der empfangenen Postadresse-Anfrage T12 heraus aufgebaut wird.
• Gemäss Fig. 6 und 7 wird die Postadresse T13 von der Zentralrechnereinheit 4 über die verschlüsselte kommunikative Verbindung 31' empfangen. In einem Schritt S14 gemäss Fig. 6 und 7 übermittelt die Zentralrechnereinheit 4 über eine verschlüsselte kommunikative Verbindung 31' eine Berechtigungscode-Anfrage T14 an die Netzwerkadresse der Rechnereinheit 3. Zusätzlich zur Berechtigungscode-Anfrage T14 kann von der Zentralrechnereinheit 4 eine Forderung nach Bestätigung der Postadresse T13 der Rechnereinheit 3 an die Netzwerkadresse der Rechnereinheit 3 übermittelt werden.
• Gemäss Fig. 6 und 7 wird/werden die Berechtigungscode-Anfrage T14 und gegebenenfalls die Forderung nach Bestätigung der Postadresse T13 von der Rechnereinheit 3 über die kommunikative Verbindung 31' empfangen. In einem Schritt S15 gemäss Fig. 6 und 7 übermittelt die Rechnereinheit 3 über eine verschlüsselte kommunikative Verbindung 31' einen Berechtigungscode T15 und gegebenenfalls eine Bestätigung der Postadresse T3 an die Netzwerkadresse der Zentralrechnereinheit 4.
• Gemäss Fig. 6 und 7 wird/werden der Berechtigungscode T15 und gegebenenfalls die Bestätigung der Postadresse T13 von der Zentralrechnereinheit 4 über die verschlüsselte kommunikative Verbindung 31' empfangen. In einem Schritt S16 wird gemäss Fig. 6 von der Zentralrechnereinheit 4 über eine kommunikative Verbindung 61 eine Berechtigungscodeüberprüfungs-Anfrage T16 mit dem Berechtigungscode T15 und dem Bereichsprofil T1 an eine Postadresse der Gebäuderechnereinheit 6 übermittelt.
• Gemäss Fig. 6 werden die Berechtigungscodeüberprüfungs-Anfrage T16, der Berechtigungscode T15 und das Bereichsprofil T1 von der Gebäuderechnereinheit 6 über die kommunikative Verbindung 61 empfangen. In einem Schritt S17 wird gemäss Fig. 6 von der Gebäuderechnereinheit 6 überprüft, ob der Berechtigungscode T15 für das Bereichsprofil T1 gültig ist. Wenn der Berechtigungscode T15 für das Bereichsprofil T1 gültig ist, wird gemäss Fig. 6 von der Gebäuderechnereinheit 6 ein Berechtigungssignal T17 erzeugt und über eine verschlüsselte kommunikative Verbindung 61' an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt. Wenn der Berechtigungscode T15 für das Bereichsprofil T1 ungültig ist, wird gemäss Fig. 6 von der Gebäuderechnereinheit 6 ein Nichtberechtigungssignal T17' erzeugt und über die verschlüsselte kommunikative Verbindung 61' an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt. Die Übermittlung des Berechtigungsignals T17 oder des Nichtberechtigungssignals T17' erfolgt über eine verschlüsselte kommunikative Verbindung 61', die über einen elektronischen Verweis (Hyperlink) von der Gebäuderechnereinheit 6 aus der empfangenen Berechtigungscodeüberprüfungs-Anfrage T16 heraus aufgebaut wird.
• Gemäss Fig. 7 liegen die Berechtigungscodeüberprüfungs-Anfrage T16, der Berechtigungscode T15 und das Bereichsprofil T1 in der Zentralrechnereinheit 4 vor. In einem Schritt S17 wird gemäss Fig. 7 von der Zentralrechnereinheit 4 überprüft, ob der Berechtigungscode T15 für das Bereichsprofil T1 gültig ist. Wenn der Berechtigungscode T15 für das Bereichsprofil T1 gültig ist, wird gemäss Fig. 7 von der Zentralrechnereinheit 4 ein Berechtigungssignal T17 erzeugt. Wenn der Berechtigungscode T15 für das Bereichsprofil T1 ungültig ist, wird gemäss Fig. 7 von der Zentralrechnereinheit 4 ein Nichtberechtigungssignal T17' erzeugt.
• Gemäss Fig. 6 wird das Berechtigungssignal T17 oder das Nichtberechtigungssignal T17' von der Zentralrechnereinheit 4 über die verschlüsselte kommunikative Verbindung 61' empfangen. Gemäss Fig. 7 liegt ein Berechtigungssignal T17 oder ein Nichtberechtigungssignal T17' in der Zentralrechnereinheit 4 vor. In einem Schritt S18 gemäss Fig. 6 und 7 gibt die Zentralrechnereinheit 4 für ein vorliegendes Berechtigungssignal T17 Schreib- und Leserechte für das Bereichsprofil T1 frei. Sie erzeugt ein Freigabesignal T18 und übermittelt das Freigabesignal T18 über eine kommunikative Verbindung 31 an die Postadresse der Rechnereinheit 3.
• Gemäss Fig. 6 und 7 wird das Freigabesignal T18 von der Rechnereinheit 3 über die kommunikative Verbindung 31 empfangen. In einem Schritt S19 wird gemäss Fig. 6 bis 8 von der Rechnereinheit 3 ein Veränderungssignal T19 erzeugt und über eine kommunikative Verbindung 31' an die Netzwerkadresse der Zentralrechnereinheit 4 übermittelt. Die Übermittlung des Veränderungssignals T19 erfolgt über eine verschlüsselte kommunikative Verbindung 31', die über einen elektronischen Verweis (Hyperlink) von der Rechnereinheit 3 aus dem empfangenen Freigabesignal T18 heraus aufgebaut wird.
• Gemäss Fig. 6 bis 8 wird das Veränderungssignal T19 von der Zentralrechnereinheit 4 über die verschlüsselte kommunikative Verbindung 31' empfangen. In einem Schritt S20 gemäss Fig. 6 und 7 setzt die Zentralrechnereinheit 4 für ein empfangenes Veränderungssignal T19 Änderungen im Bereichsprofil T1 um und übermittelt über eine verschlüsselte kommunikative Verbindung 31' ein Veränderungsbestätigungssignal T20 an die Netzwerkadresse der Rechnereinheit 3.

The Fig. 3 to 8 12 show flowcharts of steps of embodiments of the method for operating an access control system. The following describes the individual steps:

• In a step S1 , according to Fig. 3 an area profile T1 with a valid identification code T2 'is stored in the central computer unit 4 and is present there.
• In a step S1 , according to 4 and 5 an area profile T1 with a valid identification code T2 'transmitted from the central computer unit 4 via a communicative connection 41, 41' to a network address of the door fitting 1, which grants access to the secure area to which the area profile 1 refers. The step S1 can take place if necessary, for example at regular time intervals such as weekly, monthly, etc. and / or in the event of a change in the area profile 1 of the area secured by the door fitting 1. The communicative connection 41, 41 'can be permanently maintained or it can only be set up for the purposes of transmitting the area profile T1.
• In a step S2 is according to Fig. 3 to 5 an identification code T2 of a mobile data carrier 2 is read by a reading device 10 of the door fitting 1 via data transmission 21.
• In a step S3 , according to Fig. 3 a read-in identification code T2 from the door fitting 1 via a communicative connection 41, 41 'to the network address of the central computer unit 4 transmitted.
• According to Fig. 3 the read-in identification code T2 is received by the central computer unit 4 via the communicative connection 41, 41 '. According to 4 and 5 is read in the identification code T2 in the door fitting 1 ago. In a step S4 is according to Fig. 3 the central computer unit 4 checks whether the read-in identification code T2 matches a valid identification code T2 'for the area secured by the door fitting 1, which valid identification code is stored in the area profile T1. If the read identification code T2 matches the valid identification code T2 ', the central computer unit will 4 generates an access signal T4 and transmits it via a communicative connection 41, 41 'to the network address of the door fitting 1, which has read in the identification code T2 and transmitted it to the central computer unit 4. If the read-in identification code T2 does not match the valid identification code T2 ', a blocking signal T4' is generated by the central computer unit 4 and transmitted via a communicative connection 41, 41 'to the network address of the door fitting 1, which reads in the identification code T2 and to the central computer unit 4 has transmitted.
• In a step S4 is according to 4 and 5 checked by the door fitting 1, if the read identification code T2 with a valid identification code T2 'for the secured by the door fitting 1 area matches, which valid identification code T2' is stored in the area profile T1. If the read identification code T2 matches the valid identification code T2 ', an access signal T4 is generated by the door fitting 1. If the read-in identification code T2 does not match the valid identification code T2 ', a blocking signal T4' is generated by the door fitting 1. According to Fig. 5 a read-in identification code T2 and the blocking signal T4 'generated for this one read-in identification code T2 is transmitted from the door fitting 1 via a communicative connection 41, 41' to the network address of the central computer unit 4.
• According to Fig. 5 a read-in identification code T2 and a blocking signal T4 'generated for this identification code T2 are received by the central computer unit 4 via the communicative connection 41, 41'. In a step S4 ' according to Fig. 5 the central computer unit 4 checks whether the read-in identification code T2 coincides with a valid identification code T2 'for the area secured by the door fitting 1, which valid identification code T2' is stored in the area profile T1. If the read identification code T2 matches the valid identification code T2 ', the central computer unit will 4 generates an access signal T4 " Fig. 5 For example, a read-in identification code T2 and the access code T4 "generated for this identification code T2 are transmitted from the central computer unit 4 via a communicative connection 41, 41 to the network address of the door fitting 1, which has read in the identification code T2 and transmitted it to the central computer unit 4. If the read-in identification code T2 does not coincide with the valid identification code T2 ', a blocking signal T4 "' is generated by the central computer unit 4. According to Fig. 5 a read-in identification code T2 and the generated for this identification code T2 blocking signal T4 "'transmitted from the central computer unit 4 via a communicative connection 41, 41' to the network address of the door fitting 1, which has read the identification code T2 and transmitted to the central computer unit 4.
• According to Fig. 3 an access signal T4 is received by the door fitting 1 via the communicative connection 41, 41 '. According to Fig. 4 is an access signal T4 in the door fitting 1 before. According to Fig. 5 a reaped identification code T2 and a signal generated for this read identification code T2 access signal T4 "from the door fitting 1 via the communication link 41, receive 41 '. In a step S5, in accordance with Fig. 3 to 5 granted from the door fitting 1 for a present access signal T4 access to the secured area from the door fitting 1 and / or access information issued, for example in the form of an activated light and / or an activated speaker of the door fitting 1.
• According to Fig. 3 a blocking signal T4 'is received by the door fitting 1 via the communicative connection 41, 41'. According to Fig. 4 is a blocking signal T4 'in the door fitting 1 before. According to Fig. 5 For example, a read-in identification code T2 and an inhibit signal T4 "'generated by the identification code T2 are received by the door fitting 1 via the communicative connection 41, 41. In a step S5' , according to FIG Fig. 3 to 5 from the door fitting 1 for a present blocking signal T4 ', T4 "' no Granted access to the secured area by the door fitting 1 and / or issued a blocking information, for example in the form of an activated light and / or an activated speaker of the door fitting 1.
• In a step S11 is according to Fig. 6 and 7 initiates maintenance of an area profile in which the computer unit 3 transmits a maintenance request of an area profile T1 to the network address of the central computer unit 4 via a communicative connection 31.
• According to Fig. 6 and 7 the maintenance request, the area profile T1 and the network address of the computer unit 3 are received by the central computer unit 4 via the communicative connection 31. In a step S12 checks according to Fig. 6 and 7 the central computer unit 4, whether the area profile T1 exists in the access control system. If the area profile T1 exists in the access control system, a postal address request T12 is transmitted to the network address of the computer unit 3 by the central computer unit 4 via the communicative connection 31. If the area profile T1 does not exist in the access control system, a request repeat request T12 'is transmitted to the network address of the computer unit 3 by the central computer unit 4 via the communicative connection 31.
• According to Fig. 6 and 7 the postal address request T12 is received by the computer unit 3 via the communicative connection 31. In a step S13 is according to Fig. 6 and 7 from the computer unit 3 via a communicative connection 31 'a postal address T13 of the computer unit 3 to the network address of the central computer unit 4 transmitted. The transmission of the postal address T3 via an encrypted communicative connection 31 ', which is established via an electronic link (hyperlink) from the computer unit 3 from the received mail address request T12 out.
• According to Fig. 6 and 7 the postal address T13 is received by the central computer unit 4 via the encrypted communicative connection 31 '. In a step S14 according to Fig. 6 and 7 the central computer unit 4 transmits an authorization code request T14 to the network address of the computer unit 3 via an encrypted communicative connection 31 '. In addition to the authorization code request T14, the central computer unit 4 can request confirmation of the postal address T13 of the computer unit 3 to the network address of the computer unit 3 be transmitted.
• According to Fig. 6 and 7 the authorization code request T14 and possibly the request for confirmation of the postal address T13 is / are received by the computer unit 3 via the communicative connection 31 '. In a step S15 according to Fig. 6 and 7 the computer unit 3 transmits an authorization code T15 via an encrypted communicative connection 31 'and optionally an acknowledgment of the postal address T3 to the network address of the central computer unit 4.
• According to Fig. 6 and 7 the authorization code T15 and possibly the confirmation of the postal address T13 is / are received by the central computer unit 4 via the encrypted communicative connection 31 '. In a step S16 is according to Fig. 6 from the central computer unit 4 via a communicative connection 61 an authorization code verification request T16 with the authorization code T15 and the area profile T1 transmitted to a postal address of the building computer unit 6.
• According to Fig. 6 For example, the authorization code verification request T16, the authorization code T15 and the area profile T1 are received from the building computer unit 6 via the communicative connection 61. In a step S17 is according to Fig. 6 the building computer unit 6 checks whether the authorization code T15 is valid for the area profile T1. If the authorization code T15 is valid for the area profile T1, then Fig. 6 generated by the building computer unit 6 an authorization signal T17 and via an encrypted communicative connection 61 'to the Network address of the central computer unit 4 transmitted. If the authorization code T15 for the area profile T1 is invalid, then the following applies Fig. 6 from the building computer unit 6 generates a non-entitlement signal T17 ' and transmitted via the encrypted communicative connection 61' to the network address of the central computer unit 4. The transmission of the authorization signal T17 or the unauthorized signal T17 'takes place via an encrypted communicative connection 61', which is established via an electronic reference (hyperlink) from the building computer unit 6 from the received authorization code verification request T16.
• According to Fig. 7 The authorization code check request T16, the authorization code T15 and the area profile T1 are present in the central computer unit 4. In a step S17 is according to Fig. 7 the central computer unit 4 checks whether the authorization code T15 is valid for the area profile T1. If the authorization code T15 is valid for the area profile T1, then Fig. 7 from the central computer unit 4 generates an authorization signal T17 . If the authorization code T15 for the area profile T1 is invalid, then the following applies Fig. 7 generated by the central computer unit 4, a non-entitlement signal T17 ' .
• According to Fig. 6 the authorization signal T17 or the non-authorization signal T17 'is received by the central computer unit 4 via the encrypted communicative connection 61'. According to Fig. 7 An authorization signal T17 or a non-authorization signal T17 'is present in the central computer unit 4. In a step S18 according to Fig. 6 and 7 the central processing unit 4 releases write and read rights for the area profile T1 for a given authorization signal T17. It generates a release signal T18 and transmits the release signal T18 via a communicative connection 31 to the postal address of the computer unit 3.
• According to Fig. 6 and 7 the enable signal T18 is received by the computer unit 3 via the communicative connection 31. In a step S19 is according to Fig. 6 to 8 generated by the computer unit 3, a change signal T19 and transmitted via a communicative connection 31 'to the network address of the central processing unit 4. The transmission of the change signal T19 takes place via an encrypted communicative connection 31 ', which is established via an electronic reference (hyperlink) by the computer unit 3 from the received enable signal T18.
• According to Fig. 6 to 8 the change signal T19 is received by the central processing unit 4 via the encrypted communicative connection 31 '. In a step S20 according to Fig. 6 and 7 the central processing unit 4 for a received change signal T19 changes changes in the area profile T1 and transmits via an encrypted communicative connection 31 'a change confirmation signal T20 to the network address of the computer unit 3.

• In einem Schritt S20 wird gemäss Fig. 8 von der Zentralrechnereinheit 4 ein Veränderungssignal T19 derart in einer Änderung eines freigegebenen Bereichsprofils T1 umgesetzt, dass darin ein ein provisorischer Identifikationscode T2* angelegt wird.
• In einem Schritt S21 wird gemäss Fig. 8 ein eingelesener Identifikationscode T2 mit dem angelegten provisorischen Identifikationscode T2* verglichen. Falls der eingelesene Identifikationscode T2 an dem Türbeschlag 1 eingelesen wirden ist, der Zutritt zu dem gesicherten Bereich des freigegebenen Bereichprofils T1 mit dem angelegten provisorischen Identifikationscode T2* gewährt, und der eingelesene Identifikationscode T2 mit diesem provisorischen Identifikationscode T2* übereinstimmt, wird der eingelesene Identifikationscode T2 in das freigegebene Bereichsprofil als gültiger Identifikationscode T2' aufgenommen. Falls dem nicht so ist und der eingelesene Identifikationscode T2 vom angelegten provisorischen Identifikationscode T2" abweicht, wird von der Zentralrechnereinheit 4 ein Fehlersignal T21 erzeugt.

With knowledge of the present invention, the person skilled in the art can also realize the previously described encrypted communicative connection 31 ', 61' by means of an unencrypted communicative connection 31, 61.

• In a step S20 is according to Fig. 8 from the central processing unit 4, a change signal T19 is converted into a change of a released area profile T1 such that a provisional identification code T2 * is applied thereto.
• In a step S21 is according to Fig. 8 a read identification code T2 compared with the applied provisional identification code T2 *. If the read-in identification code T2 is read in at the door fitting 1 which grants access to the secure area of the shared area profile T1 with the applied provisional identification code T2 *, and the read-in identification code T2 matches this provisional identification code T2 *, the read-in identification code becomes T2 in the released area profile as a valid identification code T2 'was added. If this is not the case and the read identification code T2 deviates from the applied provisional identification code T2 ", an error signal T21 is generated by the central computer unit 4.

In a step S22 is according to Fig. 8 from the central computer unit 4 for the valid in the profile profile T1 recorded identification code T2 'via a communicative connection 31, 31' a change confirmation signal T20 to the network address of the computer unit 3.

Claims (15)

Method for operating an access control system with at least one door fitting (1) to a secured area of a building and at least one identification code (T2) on a mobile data carrier (2); which identification code (T2) is read in by a reading device (10) of a door fitting (1); if a read-in identification code (T2) is valid, access to the area secured by the door fitting (1) is granted;
characterized,
that by a computer unit (3) via at least one communication link (31, 31 ') is transmitted to an authorization code (T15) to a central computer unit (4);
checking that the submitted authorization code (T15) matches a valid authorization code for an area profile (T1);
that upon successful verification of the transmitted authorization code (T15), write and read rights for the area profile (T1) are released to the computer unit (3) transmitting the authorization code (T15); and
in that the shared area profile (T1) is changed by the computer unit (3) via a communicative connection (31, 31 '). A method according to claim 1, characterized in that the computer unit (3) an identification code (T2) of a mobile data carrier (2) as a valid identification code (T2 ') is included in the shared area profile (T1)
and / or that the computer unit (3) removes an identification code (T2) of a mobile data carrier (2) as a valid identification code (T2 ') from the released area profile (T1)
and / or that a validity of an identification code of the released area profile (T1) is changed by the computer unit (3)
and / or that the computer unit (3) records an entity in the released area profile (T1)
and / or that an entity is removed from the released area profile (T1) by the computer unit (3)
and / or that the reading unit of an entity of the released area profile (T1) is changed by the computer unit (3)
and / or that a write right of an entity of the released area profile (T1) is changed by the computer unit (3)
and / or that a time zone of an entity of the released area profile (T1) is changed by the computer unit (3). A method according to claim 1, characterized in that the computer unit (3) an identification code of a mobile data carrier (2) in a shared area profile (T1) as a provisional identification code (T2 *) is applied; and if, by the reading device (10) of the door fitting (1) granting access to the secured area of the released area profile (T1), an identification code (T2) corresponding to the provisional identification code (T2 *) is read in Identification code (T2) in the released area profile (T1) as a valid identification code (T2 ') is added. A method according to claim 3, characterized in that a provisional identification code (T2 *) is applied by specifying a digit sequence in a shared area profile (T1); and if, from the reading device (10) of the door fitting (1) granting access to the secured area of the released area profile (T1), a digit sequence corresponding to the digit sequence of the provisional identification code (T2 *) is read with the digit sequence read identification code (T2) in the released area profile (T1) as a valid identification code (T2 ') is added
and / or a provisional identification code (T2 *) is applied by specifying a time period in a released area profile (T1); and if within the time period of the reading device (10) of the door fitting (1) grants access to the secured area of the released area profile (T1), an identification code (T2) corresponding to the provisional identification code (T2 *) is read , the read-in identification code (T2) is included in the released area profile (T1) as a valid identification code (T2 '). Method according to one of Claims 1 to 4, characterized in that a processor (13) of a door fitting (1) checks whether an identification code (T2) read in by the reading device (10) of the door fitting (1) has a valid identification code ( T2 ') of an area profile (T1) for the area secured by the door fitting (1)
and / or that at least part of an area profile (T1) for the area secured by a door fitting (1) is transmitted from the central computer unit (4) to the door fitting (1) via a communicative connection (41, 41 '); and that is checked by a processor (13) of the door fitting (1), whether one of the reading device (10) of the door fitting (1) read identification code (T2) with a valid identification code (T2 ') of the transmitted area profile (T1) matches
and / or that at least part of an area profile (T1) for the area secured by a door fitting (1) is transmitted from the central computer unit (4) to the door fitting (1) via a communicative connection (41, 41 '); in that a processor (13) of the door fitting (1) checks whether an identification code (T2) read in by the reading device (10) of the door fitting (1) has a valid code Identification code (T2 ') of the transmitted area profile (T1) matches; that upon successful verification of the read identification code (T2) by the processor (13) an access signal (T4) to an actuator (18) of the door fitting (1) is transmitted; and that the actuator (18) grants access to the area secured by the door fitting (1) for the transmitted access signal (T4). Method according to one of Claims 1 to 4, characterized in that the central computer unit (4) checks whether an identification code (T2) read by a reading device (10) of a door fitting (1) has a valid identification code (T2 ') of an area profile (T1) for the door fitting (1) of the reading device (10) secured area coincides
and / or that an identification code (T2) read in by a reading device (10) is transmitted to the central computer unit (4) via a communicative connection (41, 41 '); and that the central computer unit (4) checks whether the read-in identification code (T2) matches a valid identification code (T2 ') of an area profile (T1) for the door fitting (1) of the reading device (10)
and / or that an identification code (T2) read in by a reading device (10) is transmitted to the central computer unit (4) via a communicative connection (41, 41 '); and that the central computer unit (4) checks whether the read-in identification code (T2) matches a valid identification code (T2 ') of an area profile (T1) for the door fitting (1) of the reading device (10); that upon successful verification of the read identification code (T2) from the central computer unit (4) an access signal (T4) via the communicative connection (41, 41 ') to an actuator (18) of the door fitting (1) is transmitted; and that the actuator (18) grants access to the area secured by the door fitting (1) for the transmitted access signal (T4). Method according to one of claims 1 to 6, characterized in that from the central computer unit (4) a transmitted authorization code (T15) via a communicative connection (61, 61 ') to a building computer unit (6) is transmitted; that the building computer unit (6) checks whether the transmitted authorization code (T15) matches a valid authorization code for an area profile (T1); and that upon successful verification of the transmitted authorization code (T15) of the building computer unit (6) an authorization signal (T17) via a communicative connection (61, 61 ') to the central computer unit (4) is transmitted
and / or that a transmitted authorization code (T15) is transmitted by the central computer unit (4) via a communicative connection (61, 61 ') to a building computer unit (6); that the building computer unit (6) checks whether the transmitted authorization code (T15) matches a valid authorization code for an area profile (T1); that upon successful verification of the transmitted authorization code (T15) by the building computer unit (6) an authorization signal (T17) via a communicative connection (61, 61 ') to the central computer unit (4) is transmitted; and that from the central processing unit (4) for a transmitted authorization signal (T17) write and read rights for the area profile (T1) to the computer (3) transmitting the authorization code (T15) are released. Method according to one of Claims 1 to 7, characterized in that, when the transmitted authorization code (T15) has been successfully checked by the central computer unit (4), write and read rights for the area profile (T1) are sent to the computer unit (3) transmitting the authorization code (T15). be released. Access control system for carrying out the method according to one of claims 1 to 8, characterized in that the access control system comprises the computer unit (3) and / or that the access control system comprises the central computer unit (4)
and / or that the access control system comprises a building computer unit (6)
and / or that the access control system comprises a network-based communicative connection (31, 31 ') between the computer unit (3) and the central computer unit (4)
and / or that the access control system comprises a network-based communicative connection (41, 41 ') between the central computer unit (4) and the door fitting (1)
and / or that the access control system comprises reading the identification code (T2) of the mobile data carrier (2) via a data transmission (21) by the reading device (10)
and / or that the access control system comprises a network-based communicative connection (61, 61 ') between the central computer unit (4) and a building computer unit (6). Access control system according to claim 9, characterized in that the area profile (T1) is at least partially stored in a computer-readable data memory (43) of the central computer unit (4)
and / or that the area profile (T1) is stored at least partially in a computer-readable data memory (14) of the door fitting (1). Access control system according to one of claims 9 or 10, characterized in that the door fitting (1) is arranged on a door leaf of a door to the area secured by the door fitting (1). Access control system according to one of claims 9 to 11, characterized in that the reading device (10) in a door fitting (11) of the door fitting (1) is arranged and / or that a processor (13) in a door trim (11) of the door fitting (1) is arranged
and / or a computer-readable data memory (14) in a door trim (11) of the door fitting (1) is arranged
and / or a transmitting and receiving unit (12) for a network-supported communicative connection (41) between the central computer unit (4) and the door fitting (1) in a door set (11) of the door fitting (1) is arranged and / or an electrical power supply (19) in a door fitting (11) of the door fitting (1) is arranged. Access control system according to one of claims 9 to 12, characterized in that the computer unit (3) is arranged in the area secured by the door fitting (1). A computer program product comprising at least one computer program means adapted to implement the method according to one of the claims 1 to 8 in that at least one method step is carried out when the computer program means is fed into at least one processor (13) of the door fitting (1). and / or in at least one processor (33) of the computer unit (3) and / or in at least one processor (43) of the central computer unit (4) and / or in at least one processor (63) of a building computer unit (6) is loaded. Computer-readable data storage comprising a computer program product according to claim 14.

Images