GB2538963A - Access control controller, related system, method and computer program - Google Patents

Access control controller, related system, method and computer program Download PDF

Info

Publication number
GB2538963A
GB2538963A GB1509392.5A GB201509392A GB2538963A GB 2538963 A GB2538963 A GB 2538963A GB 201509392 A GB201509392 A GB 201509392A GB 2538963 A GB2538963 A GB 2538963A
Authority
GB
United Kingdom
Prior art keywords
access
access control
controller
communication
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1509392.5A
Other versions
GB201509392D0 (en
Inventor
Raitanen Markku
Knutas Kim
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IDCONTROL Oy
Original Assignee
IDCONTROL Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IDCONTROL Oy filed Critical IDCONTROL Oy
Priority to GB1509392.5A priority Critical patent/GB2538963A/en
Publication of GB201509392D0 publication Critical patent/GB201509392D0/en
Priority to ZA2016/03725A priority patent/ZA201603725B/en
Publication of GB2538963A publication Critical patent/GB2538963A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • G07C2009/00825Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed remotely by lines or wireless communication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/38Individual registration on entry or exit not involving the use of a pass with central registration

Abstract

An access control controller 10 comprises an internet protocol (IP) communication module 306 and at least one programmable module 301, 304 configured to cause the access control controller to independently initiate secure IP communication to an access control server. The communication between the controller 10 and the server is only originated by the controller. During the communication the controller is configured to receive management information from the server including updated access right data. The controller 10 is configured to control physical access of a physical ac­cess device 308 such as a door, turnstile, lid, hatch, or a gate. The controller can preferably ignore all communication initiation requests from external entities and log these requests. The secure IP communication can be implemented using encrypted communication and can use internet socket port 443. The updated access right information can include added, deleted or changed access rights; credentials for which access will be granted or credentials for access denial. The use of controller initiated secure IP communications allows a secure access control system to be used since a third party cannot gain access to the access controller since the access controller will not respond to communication requests.

Description

ACCESS CONTROL CONTROLLER, RELATED SYSTEM, METHOD AND COMPUTER PROGRAM
Technical Field
The present invention relates generally to access control. More particularly, the present invention relates to a method, an access control controller, a computer program, and an access control system.
Background
Physical access control refers to a restricted access to a place or other physical resource. A credential may refer to an identifiable tangible object such as an access card or a key fob, which may be contact-based (e.g. magnetic stripe based or smart chip based) or contactless (requiring e.g. wireless data transfer such as RFID/NFC (radio-frequency identification/near-field communication) communication), immaterial element such as information (something that a person knows like a code, e.g. a so-called PIN code (personal identification number)), or a biometric property of a person (e.g. fingerprint, retina, iris, voice), which all provide for selective access control. Quite commonly, even multi-factor authentication requiring parallel, successful usage of several credentials to gain access to a desired resource is exploited at environments requiring elevated security control.
Physical access control technology is on the verge of a groundbreaking devel-opment. The driving force of the change is the general transition to TCP/IP-based (Transmission Control Protocol/Internet Protocol) systems. However the migration of the access control systems to a digital environment brings many problems that have not been considered before.
Typically, a legacy access control system is dependent on having each device -card reader, handle, door lock, door position switch, etc. -hard wired with e.g. RS-485 cable into a single central unit or central server. Besides being proprietary systems, which confines the end user to one particular provider of hardware and software, these solutions often tend to be very complex and re- quire expert personnel to handle installation and configuration. Also the maxi- mum number of access controlled resources and users (persons with credentials) that may have been duly served by a single system has traditionally been somewhat modest. Quite commonly e.g. the processing and associated overall access delay has been disturbingly long responsive to an access request in-corporating e.g. swipe of a magnetic access card on a reader device.
Known IP-technology, for its part, in the access control systems has not been able to fully exploit the true advantages of IP. The available IP-based access control environments are also typically closed systems. Their conversion into another vendor's system is not easy or cheap. Linking a new software compo-nent into the system is difficult as well. Furthermore, IP based access control systems are still largely under development. They are often based on the same ideas as the non-IP based access control systems, and are thereby functionally and structurally relatively inflexible local 'proprietary' systems.
For example, the premises of a client may be provided with both a number of access control controllers for controlling door access and an access server for the management and control of the controllers themselves. Data communication for the operation of the access system can be server-originated and the server may thus connect to local controller devices that respond to the server's inquiries. This elevates computer and network security risks as the local devic- es are necessarily adapted to receive external data traffic and answer the as-sociated external inquiries and commands, making them susceptible to various digital attacks over communication and data networks.
Yet, adapting or monitoring the operation of a contemporary (physical) access control system is typically awkward, and the connectivity towards various other systems that would benefit from or provide benefits to the access control sys-tem in terms of data exchange is lacking or extremely limited.
In the light of the foregoing, there is a need to overcome the problems as set forth above.
Summary
It is an object of the present invention to provide a method, an access control controller, and access control system, and a computer program for IP based access control solution alleviating one or more of the aforementioned defects. This object can be achieved by the features defined in the independent claims. Further enhancements are characterized by the dependent claims.
One embodiment is directed to an access control controller, comprising: an In-ternet protocol, IP, communication module; at least one programmable module configured to cause the access control controller to independently initiate secure IP communication, by the IP communication module, to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server including updated access right data; and wherein the access control controller is configured to control physical access via a physical access device such as a door, turnstile, gate, hatch, or lid.
One embodiment is directed to an access control system, comprising the access control controller, further comprising: an access control server, comprising at least one programmable module configured to cause the server to manage the access control controller subsequent to the initiation of communication by the controller, wherein the management includes provision of updated ac-cess right data; and an internet protocol, IP, interface configured to functionally link or integrate at least one other system, optionally other access control system and/or a CRM (Customer Relationship Management) system, with said access control system.
One embodiment is directed to an access control method, comprising: inde- pendently initiating, by an access control controller, a secure IP communication to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server, wherein the man- agement includes receipt of updated access right data; and controlling a phys-ical access of a physical access device by the access control controller.
One embodiment is directed to a computer program, comprising: programmable software code configured to, when executed on a computer, cause the program to independently initiate, by an access control controller, a secure IP communication to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server, wherein the management includes receipt of updated access right data; and control, by the access control controller, a physical access having regard to a physical access device. The program may be embodied as a computer program product in a non-transitory computer readable carrier medium such as optical disc, hard disc or memory card.
Accordingly, in preferred embodiments the access control controller is configured to independently and autonomously contact the access control server for information transfer based on the activate operation logic thereof, which may be updateable. Responsive to such contact, the server may respond and transmit data such as access right data back to the controller. Further preferably, the access control controller cannot be contacted from external devices, systems or servers, advantageously including the access control server, or the controller does not at least respond to such inquiries even if external data transmissions are capable of reaching the communication interface of the controller. This general approach for all communications involving the controller is preferably applied at least in normal operation conditions, while in some em-bodiments a number of exceptions to the basic rule could still exist e.g. in the start-up or (re-)configuration phase of the system or the particular controller in question.
The access control controller thus preferably exclusively initiates communication and e.g. related communication session that may be bi-directional with the server, advantageously using a secure, such as encrypted, data transfer method.
Optionally, the access control controller is limited to communication with the access control server only having regard to external entities. Data transfer with further external entities may take place having the server as an intermediary in 20 between.
The controller may naturally control the local elements such as physical access devices (locks in doors, gates, etc.) and at least receive data from the associated readers, if not being integral with the controller itself.
The access control server preferably includes an interface allowing Internet based access thereto. External servers and services may connect to the server via the interface. Also the controller can be managed by the server via the interface. The interface may include a user interface (UI) such as graphical UI (GUI). The embodiment may even allow individual doors to be connected to different access control software in an integrated manner using the server.
Still, the embodiment can be used to easily and cost-effectively connect the various types of applications into the access control system, such as cash or ticket applications etc. Each of the aforesaid embodiments provides one or more solutions to the problems and disadvantages with the background art. Other technical ad-vantages of the present disclosure will be readily apparent to one skilled in the art from the following description and claims. Various embodiments of the present application may obtain only a subset of the advantages set forth. Not a single advantage is critical to the embodiments. Any claimed embodiment may be technically combined with any other claimed embodiment(s).
The utility of the present invention thus arises from multiple issues depending on the embodiment. The suggested arrangement offers a modern, on time and flexible approach for door and physical access control in general ranging from private or commercial applications, e.g. rental apartments, cabins, industrial, logistic or office doors/gates, to high security entrances or exits in connection with e.g. airports, military bases, etc. The overall access control solution may be realized using a compact set of physical devices, such as a reader, a controller, a server and physical access device (electric lock -provided door or gate, for instance), some of which may even be physically integrated together considering e.g. reader, controller and optionally the physical access device such as a door or gate and related locking/unlocking or opening/closing mechanism. One or more credentials may be utilized in connection with a single access request for the decision-making (access granted/denied) based on multi-factor authentication approach.
In general, the solution scales extremely well. A number of controllers can be quickly and intuitively connected to a server through the Internet. A graphical UI, i.e. GUI, may be provided to enable convenient, preferably 24/7 type, access to the system from remote locations. Preferably the UI is web based or at least comprises such UI option and thus accessible with a web browser opera-ble in a terminal device, such as a personal computer or mobile terminal, via the Internet. The web-server or service may be operated by the access server or server(s) external but functionally connected thereto. Other systems and software may be indeed integrated with the access control system including but not limited to e.g. CRM application(s)/system(s), cash register systems, etc.
Brief Description of the Drawings
The accompanying drawings illustrate presently preferred exemplary embodiments of the disclosure, and together with the general description given above and the detailed description of the preferred embodiments given below, serve to explain, by way of example, the various basic principles of the disclosure.
FIG. 1 is a diagrammatic illustration of an access control system according to an exemplary embodiment of the present invention; FIG. 2 illustrates an example comprising various physical access devices cou-pled with the system; FIG. 3 is a block diagram of selected internals of the access control controller, being, for most part, suitable also for implementing an embodiment of a server in accordance with the present invention.
FIG. 4 is a signaling chart disclosing an embodiment of credential registration procedure in the system.
FIG. 5 is a signaling chart disclosing an embodiment of access control procedure in the system.
FIG. 6 is a flow diagram of an embodiment of a method in accordance with the present invention.
Detailed Description
An embodiment of the invention relates to an access control arrangement comprising at least one access control controller and an access control server. The access control server acts as an interface for various access control and other solutions and maintains the controllers by providing e.g. updated access rules, i.e. access right data, thereto. The access control controller and the access control server preferably comprise computer program code configured to manage the operation of the access control system. Access control controller may be based on various types of hardware configuration of access control controllers, wherein the computer code is configured to implement an embodi-ment of the present invention. A reader of the access control solution may as well be based on the readers that are currently available.
The access control controller and the access control server can establish a practically seamless and easily updated connection and operation. Contrary to conventional access control systems, it is the access control controller that in- dependently and preferably substantially exclusively contacts the access con-trol server for communication and related data transfer, which may after the connection set-up initiation by the controller, be bi-directional. Consequently, the access controller can be situated in an internal network.
Preferably, the access control controller cannot be thus independently con-tacted from outside (or at least a response received from the controller) as communication such as a communication session is advantageously exclusively started by the controller. For example, a fraudulent device cannot contact the access control controller, or the contact does preferably not at least cause sending any response from the access control controller. In some embodi-ments, a connection request may indeed be configured to cause local actions at the controller such as logging the request and/or analyzing the request according to a predefined logic. The embodiment allows connecting individual doors to various different access control systems in an integrated manner using the interface of the server. Furthermore, various applications can be em-bedded into the access control system through the interface.
An identifier or credential for the access control can involve RFID (radio frequency identification) or NFC (near-field communication) tag, mobile ID, bar code, 2D bar or 'matrix' code, magnetic card, key fob with embedded electronics, speaker (voice) recognition, image/facial recognition, iris recognition, reti- nal scanning (with infrared transmitter), etc. The identifier/credential can basi-cally be any unique identifier that can be read by a reader device and transferred to the access control controller and e.g. to the server. The access control controller is configured to receive credential data from the reader. The data can enable the physical access and thus act as a key.
The reader may include a keypad where a code is entered. Additionally or alternatively, it may include a card, fob and/or biometric reader. A single reader may support credentials of different type, or multiple dedicated readers may be utilized in connection with a certain access controlled resource and access device. The readers as such, do not usually make an access decision, but send the captured credential (data) such as a card number to a controller that veri-fies the credential/number against an access list by a suitable matching (comparison) operation. The two may, however, be integrated e.g. in a common housing if not connected by wiring, for example.
In the context of an embodiment of the present invention the access control system supplier or operator may be easily changed to another. This means that the controllers at the physical access point, e.g. at doors, the readers and related cabling need to not be changed when changing to another supplier.
The server side only modifies settings relating to the supplier.
The access control system is secure. As mentioned hereinbefore, connection from the controller to the server is preferably only controller-originated. Thus, controller starts and establishes the connection and consequently the associated session. However, in some embodiments a controller may be configured to connect to a plurality of remote entities such as servers instead of one serv-er only. The associated control logic (which entity or entities to connect or communicate to and in which occasions) may be configurable and stored in the controller.
Generally, the controller cannot be contacted, for example malicious contacts cannot be targeted to control controller, or the controller at least omits re- sponding to those, if not staying completely passive and ignoring such. In preferred embodiments, only the controller can open the secure session between it and a remote entity such as the server, but it does not accept a server or other remote entity -originated session. The established connections are pref-erably encrypted. Specific, preferably proprietary, commands are used in the communication, and any unspecified command causes no action at the controller or server.
Connections and data transfer may take place via HTTP (Hypertext Transfer Protocol) port 80 or HTTPS (HTTP Secure) port 443, the Internet socket port allocations being officially maintained by the Internet Assigned Numbers Au-thority (IANA).
When a secure connection has been established, the controller can receive management by the server. For example, by the server interface new software components can be added, old ones updated, or e.g. different access systems 30 enabled. Access rights data may be updated.
Referring next to FIG. 1, there is a diagrammatic illustration of an access control system 100 according to an exemplary embodiment of the present invention. The system and the apparatuses comprise programmable blocks or modules that are configured to perform various operations. Access control system comprises an access control controller 10, an access control server 20, and an access control interface 30 to interface various entities and elements having regard to the system 100. The controller 10 hosts and executes computer program code configured for the operations of the embodiment of the controller.
The server 20 hosts and executes computer software code configured to the operations of the embodiment of the server 20.
The controller 10 is functionally connected to the server 20. The communications between the controller 10 and the server may be wired and/or wireless connections incorporating one or more legs of communication over the Inter-net. All data traffic is preferably encrypted.
The controller 10 controls the operation of the physical access device via an associated, controllable locking/unlocking and/or opening/closing mechanism, for example. The server 20 contains and provides the basic functions of access control system. The server 20 can be linked to access control applica- tions or other systems through the interface 30. Thereby access control appli-cations or other applications, services and systems can be at least functionally embedded in the access control system.
The interface 30 is advantageously accessible using at least one communications network, preferably the Internet, 31. A computer such as a desktop corn-puter, laptop, tablet or cell phone 32, or other user terminal, can be embedded into the access system via the interface 30. The computer/terminal 32 can monitor or control the access system via the interface 30. Data may be provided to the server 20 and received therefrom using the interface 30. The data communications between the controller 10, the server 20 and the elements of/connecting to the interface 30 is preferably IP based and encrypted. Fur-thermore the controller 10 may be configured to follow a specific, advantageously proprietary protocol for the access control operations. Therefore, only a specific command will cause the controller 10 to effect an access or other operation. The protocol and related commands/syntax may be generally kept secret in favor of network and communications security.
A controller 10 may be installed per physical access device such as a door, and e.g. a locking mechanism therein, with no need to cable multiple controllers together. Each access device may be thus directly connected, via the associated controller 10, to a medium such as communications link or network such as TCP/IP network and e.g. LAN (Local Area Network) or WLAN (Wireless LAN) for communication with the server 20.
FIG. 2 illustrates an example comprising various physical access devices 21, 22, 23, essentially doors, gates and turnstiles, having the access control con- trollers 10 that are coupled with the overall system using IP based communica-tion initiated by the controllers 10.
An embodiment of the present invention enables embedding and/or connecting a e.g. door or other physical access device associated with the access control controller 10 to various different access control systems as well as third-party software such as cash register or reservation systems.
For example, an external reservation or other connected system with e.g. one or more servers can be configured to control access to a number of rental cabins or other rental property and doors through software application via the interface 30. The server 20 may host such control rules and other control data, and control the controllers 10 accordingly. The system does not require specif-ic local IT infrastructure. The access control system can be decentralized to different destinations, for example, in various locations of the rental cabins. The server 20 may be implemented by at least one, at least functionally and locally centralized server apparatus with necessary data processing, storage and communication equipment, or by e.g. a plurality of functionally connected server apparatuses optionally residing in a cloud computing environment enabling easy scalability of the associated hardware resources.
FIG. 3 illustrates a high-level block diagram of an embodiment of the access control controller 10 in terms of selected electronics and logical entities such as software therein. The shown elements may be disposed within a common housing. The server 20 may generally include same or similar elements, such as data processing, storage and communications elements like network interface, naturally excluding the unnecessary reader logic.
At least one processing unit or CPU 301 may be included by reference to e.g. a microprocessor, microcontroller, or a digital signal processor.
Memory MEM (ROM, RAM, etc.) 302 and optionally removable non-volatile storage medium STO 303 (e.g., CD-ROM, memory card such as microSD card etc.) may be provided. Optionally the memory 302 is integrated with the pro-cessing unit 301. Elements 302, 303 may be configured to store data such as event data, access data, associated logs, and/or access right data. The program PROG 304 refers to computer software program, or program code, defining instructions configured to operate the controller as contemplated herein when executed by the processing unit 301. The operating system OS 305 may refer to any applicable operating system on which the program(s) 304 run, preferably Linux TM or Linux-based (or UNIX TM based) operating system.
A reader device module R 307 may include a reader device 309 (thus the controller 10 effectively has a built-in reader) or at least interface, optionally by wire, cable and/or connector (e.g. Wiegand, RS232/485, or Ethernet/LAN cables), or wirelessly, with external reader device 309 that may thus alternatively be a physically separate element with e.g. a housing of its own or shared with other element such as physical access device.
A physical access device, such as a door, turnstile or gate, and particularly e.g. 15 the locking mechanism thereof, 308 may be integrated with the reader 309 and/or the controller 10, or be at least functionally connected to the reader 309 or controller 10, again by a suitable wire, cable and/or connector, or wirelessly.
The network module N or generally communications module 306 may be configured to connect the controller 10 to a target network for enabling communi-cation with the server. The communications module 306 may support wired and/or wireless communication. It may implement a predetermined (W)LAN ((wireless) local area network) or Wi-Fi TM interface, or e.g. a cellular network interface, such as a desired 3G or 4G cellular standard compliant interface. The connection between the controller 10 and server 20 may be IP based and at least partially (in terms of one or more communication legs) take place over the Internet.
FIG. 4 depicts a signaling chart 400 disclosing an embodiment of credential registration procedure applied in an access control system.
At 402, a credential such as NFC/RFID tag 420 is placed on a reader 309 so that the credential data may be properly captured by the reader 309. The reader 309, which may be coupled to e.g. a PC and/or a cash register and related back-end system at a store or some other location, sends the credential data at 404 towards a (G)UI (e.g. web-based GUI accessible with a browser) of the access control system or other (external) system, or a connected registra-tion system 422, optionally a third party CRM (customer relationship management) system, which establishes, or is used to control establishing, a new account for the credential with necessary information such as person/holder and access rights data (e.g. location-dependent and/or temporal data).
At 406, the access rights allocated e.g. via the (G)UI of the access control sys-tem or by/through an external system, are signaled to the access control server 20 and stored therein.
At 408, the server 20 further notifies the relevant controllers 10 about the access right update regarding the credential 420. For example, only the control-lers 10 that should allow the access to the credential 420 may be informed in cases where the controllers 10 only maintain knowledge of the allowed credentials (i.e. credentials for which access of the particular local physical access device is granted). Preferably, the notification 408 is still provided responsive to the communication initiated (see the dotted arrow 408a in the figure) by the controller 10 as explained herein. The initiated communication 408a may refer to the transmission of an access log, access inquiry, a scheduled communication, alarm signal, etc. FIG. 5 is a signaling chart disclosing an embodiment of access control procedure applied in the suggested system.
At 502, a credential such as NF/RFID tag, magnetic card, etc. 420 is provided, by a host entity such as a person or vehicle (or other object) having the credential, within the range of the reader 309, which may be associated with a door, gate or turnstile, for example, at a gym, cabin, industrial building, office building, store, warehouse, logistics center, high security compound like airport or military base, etc. At 504, the reader 309 indicates the credential to the access control controller 10.
The access control controller 10 determines whether the entity having the credential indicated shall have granted access or not (access will be denied). As explained hereinbefore the controller 10 may store access right data. The ac- cess right data stored may link credential data with access rights granted. Responsive to obtaining credential(s), the controller 10 may execute an appropriate predefined matching algorithm (or 'search' algorithm/technique) to find ac-cess rights, if any, associated with the credential(s) having regard to the particular access control device in question (e.g. required access level) and optional related finer resolution definitions (e.g. temporal access rights indicative of the time of day, week, month or year, for example, when the access is granted, and/or number of accesses allowed for a credential (considering e.g. ticketing applications), etc.).
At 506, the controller 10 signals the reader and/or other element configured to actuate the access control device, if not being connected to and controlling the device by itself (which is possible as well), about the outcome of access re-quest determination. The access control device may incorporate an electrically controlled locking mechanism or e.g. (electric) motor controlled gate mechanism for the purpose.
Optionally, particularly in the case of negative determination, the controller 10 may omit providing an explicit response. That may convert into maintaining 'status quo' at the physical access device, which usually is 'access denied', locked', or 'closed' in connection with a door, hatch, turnstile, or gate. A predetermined signal may indicate the receiving element such as reader 309 to provide the access (not shown). In addition to e.g. lock, door, gate etc. opening and/or unlocking action, supplementary actions may be executed by the con-troller and/or the receiving device. For example, the aforesaid outcome may be indicated visually through a visual indicator (light such as LED (color may indicate the type of the access, e.g. green may convert into access granted and red into access denied) and/or display) and/or audibly through audio production or reproduction element such as a buzzer, beeper or loudspeaker (e.g. sound characterizing the outcome). The indication elements may be integrated with the controller 10, reader 309, some other element (e.g. the physical access device), or provided as such in a dedicated housing.
Thus in any case, the controller 10 controls the access of the physical access device, wherein the actual physical control (e.g. control over the locking mech- anism) may be direct (e.g. through wiring/cabling to the access device) or indi-rect (e.g. via external reader and/or other element(s) in the signal path).
The controller 10 may be configured to insert or update a log entry indicative of the access request and decision made. A counter value indicative of the access times or remaining access times may be updated for the particular cre-dentials and thus the related person or object (e.g. vehicle) provided with the access.
At 508, the controller 10 sends e.g. a log or other notification of access and optionally other event(s) such as generally access request events or e.g. power failure or sensor data towards the server 20. A communication session may be established. However, as explained herein, the controller 10 advantageously independently triggers the communication towards the server 20 regardless of whether a bi-directional session is established as a result of such initiation or not. The transmission instant of the log may be triggered according to prede- fined logic. For instance, timed/timer-based and/or access event based trans-mission triggering rules may be utilized. In the case of timer based reporting, the reporting frequency is preferably adjustable. It may be e.g. about one second or even less, or considerably more, e.g. few minutes or one or more hours.
The server 20 preferably stores at least part of the received data. It may further analyze the data received from one or more controllers. It may determine e.g. associated statistics having regard to access requests, granted requests, denied requests, concerned parties/credentials, most active locations/controllers, most passive locations/controllers, latency between access request and related response (grant/denial), etc. At 510, external entity such as CRM system/server 422 optionally sends a request for data such as (access) event history data to the server 20. Such requests may be timed, for example, and executed substantially regularly for the provision of associated reports, etc. Alternatively, the request may be obtained via the (G)UI of the access control system or of some external system. The GUI may be web browser-based and operated by a web server.
At 512, the server 10 responds by sending the requested data.
At 514, the external entity optionally sends an update of access rights data to the server 10.
The update is preferably selectively communicated to the concerned one or more controller(s) at 516 preferably upon communication connection estab-lished (dotted arrow 516a) by the controller 10.
FIG. 6 illustrates a flow diagram 600 of an embodiment of a method in accordance with the present invention.
After start-up 602, which may refer to obtaining and configuring necessary hardware, testing the connections between remote elements, setting up initial access right data at a controller, taking care of necessary wiring, etc., the con-troller may execute actions as dictated by the control software thereof. It may, for instance, receive an indication of an access request and related credential(s) 604 via the internal or external reader device(s).
The controller may determine the response to such request by a matching pro-10 cedure where the obtained credential data are compared with access right data stored in the controller and describing the access rights associated with the credentials 606.
At 608, the access is controlled based on access rights corresponding to the credential(s). In case no match has been found or the found user/access rights are not sufficient for the particular access control device (based on access rights data stored by the controller), the access is typically denied, but the practice may vary depending on the use scenario. A signal may sent to or at least towards (e.g. via intermediate device(s)) to the physical access device, such as a door, and particularly e.g. (un)locking mechanism therein to provide access optionally for a predetermined period (e.g. for few seconds after which the access procedure may have to be repeated).
At 610, the controller initiates communication with the remote server, which may refer to sending at least one message or generally predefined signal advantageously following a predetermined, proprietary protocol or data format defining e.g. a number of commands and/or parameters thereto. A communication session may be established.
The events triggering the communication may be timer-based and/or (other) event based as discussed hereinbefore. For example, a log of local access and/or other events may be transferred to the server, optionally periodically.
At 612, subsequent to and responsive to initiating communication with the server, the controller may receive access right data update including e.g. revised access rights, new access rights, disabling of access rights (e.g. temporary), deletion of access rights, etc. provided by the server. The server may transmit such information in accordance with predefined, optionally proprietary, data format/protocol.
At 614, the method execution is ended.
A skilled person shall naturally acknowledge the fact that in practical circum-stances, the execution of different method steps may be intermittent (e.g. 604, 606) or regular (e.g. 610, 612). It may be timed (e.g. initiation of communication toward the server) or respond to external triggering events (e.g. access request incorporating indication of detected credential(s) provided by the reader electronics).
In some embodiments of the present invention, the provided controller, server or generally system may be functionally connected to or integrated with camera surveillance solutions and/or burglar alarm systems. The camera(s) may be supplemented with microphones to capture also audio data from the environment. The integration may implemented on a system level so that the users (such as corporate security offices responsible for the access control of the physical access devices in a number of locations) may access the access control data such as access rights and/or log data via the same UI as data provided by the camera/alarm system. The cameras may include web cameras that transmit video/image data to a network server. The cameras pay support pan, tilt and/or zoom functionality that works according to predefined logic, mo-tion/sound detection and/or remote user control e.g. via the common (G)UI. And as mentioned hereinbefore, at least one instance of the (G)UI may be provided as a terminal-accessible web site or web page.
The access control system may be configured to obtain input from the cam- era/alarm system, optionally via the Internet and e.g. cloud service, and inte-grate the obtained data, such as video image or still image and optionally sound, data with the remaining (G)UI. Accordingly, the end-user may conveniently visually inspect the situation (e.g. who is at the door, is the gate/door open or closed, intact or broken, etc.) at different physical access devices or controllers, if a need arises.
Via the (G)UI of the access control system, it may be possible to select one or more external systems with which the access control system is configured to communicate and exchange data, such as log data or control data, for instance.
The used camera equipment may contain a light source, e.g. infrared light source, of its own or be provided therewith to enable shooting in the dark with camera capable of capturing the emitted and reflected light.
Yet, the obtained visual and/or audible data may be subjected to pattern anal-ysis (e.g. video content analysis such as facial recognition, speaker (voice) recognition) by the server or by a connected entity, e.g. network server/service.
Motion and/or sound detection may be utilized to trigger camera data recording and/or provision of alarms in the systems in addition to potential more refined camera control discussed above.
The same UI, such as browser-based web GUI, may be configured to enable monitoring and controlling multiple sites, optionally simultaneously. The active site may be selectable by the user via the UI by selecting a corresponding item shown, such as icon, symbol, image, or list member, or data regarding multiple sites may be shown adjacent to each other. A site may be associated with at least one dedicated access control server.
The (G)UI may be configured to support manual operation of a physical access device. The (G)UI may include input element such as a selectable software switch or other feature for the purpose. The related signal is transferred via the server to the appropriate controller preferably responsive to communication ini-tiation by the controller.
A physical access control device, such as a door or gate, may be associated with one or a plurality of access levels in the access rights data. Additionally or alternatively, a person or object, or the corresponding credentials, may be associated with one or multiple access levels in the access rights data. Prefera- bly these access levels may be adjusted via the (G)UI so that each server ob-tains the necessary information and delivers it to the concerned controllers, again upon communication initiated by the controllers.
The (G)UI may be configured to export different reports and statistics to the end users according to the user input. Such report creation may be regu-lar/scheduled or triggered upon need. The reports may be in desired documentation or generally textual format such as PDF TM or Microsoft Excel TM, or some predefined digital database format.
It is clear to those skilled in the art that various modifications and variations can be made to the disclosed embodiments of the controller apparatus, related system and method. Other embodiments will be apparent to those skilled in the art from consideration of the specification and practice of the disclosed ap-paratus, system and method.

Claims (26)

  1. Claims 1. An access control controller (10), comprising: an internet protocol, IP, communication module (306); and at least one programmable module (301, 304) configured to cause the access control controller to independently initiate (408a, 516a) secure IP communica-tion, by the IP communication module, to an access control server (20), wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server including updated access right data; and wherein the access control controller is configured to control physical access of a physical access device (21, 22, 23), optionally including a door, turnstile, lid, hatch, or a gate.
  2. 2. The access control controller of claim 1, wherein the at least one programmable module is configured to ignore communication initiation requests re-ceived via the IP communication module from external entities or execute only one or more internal actions, optionally logging and/or analysis, actions based thereon.
  3. 3. The access control controller of any preceding claim, wherein the updated access right data includes at least one element selected from the group con- sisting of: added access right, deleted access right, changed access right, cre-dentials for which access is to be granted, and credentials for which access is to be denied.
  4. 4. The access control controller, being configured to store access right data.
  5. 5. The access control controller of claim 4, wherein said access right data in-cludes indication of credentials for which access is to be granted and/or denied through the control of the physical access device.
  6. 6. The access control controller of claim 5, wherein a credential indicated in the access right data is further associated with stored temporal access right data, such as temporal validity or expiry information.
  7. 7. The access control controller of claim 5 or 6, wherein a credential indicated in the access right data is further associated with a numerical limit of access times and the stored access right data includes indication of used access times or remaining access times.
  8. 8. The access control controller of any preceding claim, wherein the at least one programmable module is configured to initiate the secure IP communication via the IP communication module based on a timer or predefined schedule.
  9. 9. The access control controller of any preceding claim, wherein the at least one programmable module is configured to initiate the secure IP communica-tion via the IP communication module based on an occurrence of at least one predefined event.
  10. 10. The access control controller of claim 9, wherein said event includes at least one element selected from the group consisting of: receipt of a communi- cation request from an external entity captured via the IP communication mod- ule, receipt of an access request of the physical access device, access control action taken responsive to a received access request relative to the physical access device, access granted responsive to a received access request, access denied responsive to a received access request, unknown credential de- tected in connection with a received access request, forbidden credential de-tected in connection with a received access request, and reaching of a predetermined fill state of a memory element or memory space, optionally an event log.
  11. 11. The access control controller of any preceding claim, wherein the pro-grammable module is configured, responsive to a maintenance or management action at the access control controller, to independently initiate the secure IP communication to the access control server via the IP communication module.
  12. 12. The access control controller of any preceding claim, wherein the secure 30 communication comprises encrypted communication.
  13. 13. The access control controller of any preceding claim, configured to apply Internet socket port 443 for the secure communication.
  14. 14. The access control controller of any preceding claim, comprising a reader (307, 309) for capturing at least one credential associated with an access request of the physical access device.
  15. 15. The access control controller of claim 14, wherein the reader is configured to capture credential (420) from or via at least one element selected from the group consisting of: magnetic stripe card, a badge provided with contact based or contactless credential transfer interface, tablet, cell phone, user terminal, wearable device, wearable substantially plastic, paper or cardboard device, wristband device, disposable device, wristop computer, garment-integrated electronics, fob or other token with contact based or contactless credential transfer interface, contact based or contactless smart card, SIM card, camera, video camera, microphone, retinal scanner, RFID device, NFC device, tag with contact based or contactless credential transfer interface, and vehicle electronics.
  16. 16. The access control controller of any preceding claim, configured to capture credential (420) associated with a physical access request and including or being based on at least one credential data element selected from the group consisting of: radio frequency identity, a bar code, 2D bar or matrix code, a mobile ID, terminal device ID or address, textual, alphanumeric or numeric code, user inputted textual, alphanumeric or numeric code, PIN (personal iden-tification number) code, MAC (medium access control) address, biometric id data, voice input, scanned fingerprint, facial image data, iris recognition data, and scanned retina data.
  17. 17. The access control controller of any preceding claim, comprising or being wiredly or wirelessly connected to the controlled physical access device.
  18. 18. The access control controller of any preceding claim, wherein the physical access device comprises a locking device and/or opening device configured to control said physical access.
  19. 19. The access control controller of any preceding claim, wherein the physical 30 access device defines or comprises at least one element selected from the group consisting of: a door, gate, turnstile, elevator, hatch, and lid.
  20. 20. The access control controller of any preceding claim, configured to match obtained credential associated with an access request, with access right data available in the controller to determine whether the access is to be granted or denied based on the request.
  21. 21. An access control system, comprising the access control controller of any preceding claim, and further comprising: an access control server (20), comprising at least one programmable module configured to cause the server to manage the access control controller subsequent to the initiation of communication by the controller, wherein the management includes provision of updated access right data; and an internet protocol, IP, interface (30) configured to functionally link or inte-grate at least one other device or system (32, 422), optionally other access control system and/or a CRM (Customer Relationship Management) system, with said access control system.
  22. 22. The access control system of claim 21, wherein the interface is configured to link a digital application or service into the access control system preferably via the Internet (31).
  23. 23. The access control system of claim 21 or 22, comprising a web server providing a web browser based graphical UI (GUI) for accessing the access control system, optionally for monitoring the status thereof and/or changing the operation parameters or access right data, using an external device (32, 422), optionally a terminal device such as a tablet, phablet, desktop computer, lap-top computer, cell phone or a wearable device.
  24. 24. The access control system of any of claims 21-23, comprising at least access to image data, preferably video image data, obtained by camera equipment substantially aimed towards the physical access device or associated reader.
  25. 25. An access control method (600), comprising: independently initiating (610, 408a, 516a), by an access control controller, a secure IP communication to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive (612) management by the server, wherein the management includes receipt of updated access right data; and controlling (604, 606, 608) a physical access of a physical access device by the access control controller.
  26. 26. A computer program, comprising: programmable software code configured to, when executed on a computer, cause the program to independently initiate, by an access control controller, a secure IP communica-tion to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server, wherein the management includes receipt of updated access right data; and control, by the access control controller, a physical access of a physical access device.Amendment to the claims have been filed as follows: Claims 1. An access control controller (10), comprising: an internet protocol, IP, communication module (306); and at least one programmable module (301, 304) configured to cause the access control controller to independently initiate (408a, 516a) secure IP communica-tion, by the IP communication module, to an access control server (20), wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server including updated access right data; and wherein the access control controller is configured to control physical access of a physical access device (21, 22, 23), and further wherein the access control controller is configured to store access right data, said access right data including indication of credentials for which access is to be granted and/or denied through the control of the physical access device, a credential indicated in the O 15 access right data being further associated with stored temporal access right data comprising temporal validity or expiry information, and/or a numerical limit of access times, the stored access right data including indication of used access times or remaining access times.2. The access control controller of claim 1, wherein the at least one program-mable module is configured to ignore communication initiation requests received via the IP communication module from external entities or execute only one or more internal actions based thereon.3. The access control controller of any preceding claim, wherein the updated access right data includes at least one element selected from the group con-sisting of: added access right, deleted access right, changed access right, credentials for which access is to be granted, and credentials for which access is to be denied.4. The access control controller of any preceding claim, wherein the at least one programmable module is configured to initiate the secure IP communica-cr) 15O s° rtion via the IP communication module based on a timer or predefined schedule.5. The access control controller of any preceding claim, wherein the at least one programmable module is configured to initiate the secure IP communication via the IP communication module based on an occurrence of at least one predefined event.6. The access control controller of claim 5, wherein said event includes at least one element selected from the group consisting of: receipt of a communication request from an external entity captured via the IP communication module, re-ceipt of an access request of the physical access device, access control action taken responsive to a received access request relative to the physical access device, access granted responsive to a received access request, access denied responsive to a received access request, unknown credential detected in connection with a received access request, forbidden credential detected in connection with a received access request, and reaching of a predetermined fill state of a memory element or memory space, optionally an event log.7. The access control controller of any preceding claim, wherein the programmable module is configured, responsive to a maintenance or management ac-tion at the access control controller, to independently initiate the secure IP communication to the access control server via the IP communication module.8. The access control controller of any preceding claim, wherein the secure communication comprises encrypted communication.9. The access control controller of any preceding claim, configured to apply Internet socket port 443 for the secure communication.10. The access control controller of any preceding claim, comprising a reader (307, 309) for capturing at least one credential associated with an access request of the physical access device.11. The access control controller of claim 10, wherein the reader is configured to capture credential (420) from or via at least one element selected from the group consisting of: magnetic stripe card, a badge provided with contact based or contactless credential transfer interface, tablet, cell phone, user terminal, wearable device, wearable substantially plastic, paper or cardboard device, wristband device, disposable device, wristop computer, garment-integrated electronics, fob or other token with contact based or contactless credential transfer interface, contact based or contactless smart card, SIM card, camera, video camera, microphone, retinal scanner, RFID device, NFC device, tag with contact based or contactless credential transfer interface, and vehicle electron-ics.12. The access control controller of any preceding claim, configured to capture credential (420) associated with a physical access request and including or being based on at least one credential data element selected from the group consisting of: radio frequency identity, a bar code, 2D bar or matrix code, a mobile ID, terminal device ID or address, textual, alphanumeric or numeric code, user inputted textual, alphanumeric or numeric code, PIN (personal identification number) code, MAC (medium access control) address, biometric id data, voice input, scanned fingerprint, facial image data, iris recognition data, cr) 15 and scanned retina data.13. The access control controller of any preceding claim, comprising or being wiredly or wirelessly connected to the controlled physical access device.14. The access control controller of any preceding claim, wherein the physical access device comprises a locking device and/or opening device configured to control said physical access.15. The access control controller of any preceding claim, wherein the physical access device defines or comprises at least one element selected from the group consisting of: a door, gate, turnstile, elevator, hatch, and lid.16. The access control controller of any preceding claim, configured to match obtained credential associated with an access request, with access right data available in the controller to determine whether the access is to be granted or denied based on the request.17. An access control system, comprising the access control controller of any preceding claim, and further comprising: an access control server (20), comprising at least one programmable module configured to cause the server to manage the access control controller subse- quent to the initiation of communication by the controller, wherein the man-agement includes provision of updated access right data; and an internet protocol, IP, interface (30) configured to functionally link or integrate at least one other device or system (32, 422) with said access control system.18. The access control system of claim 17, wherein the interface is configured to link a digital application or service into the access control system preferably via the Internet (31).19. The access control system of claim 17 or 18, comprising a web server providing a web browser based graphical UI (GUI) for accessing the access control system using an external device (32, 422), optionally a terminal device such as a tablet, phablet, desktop computer, laptop computer, cell phone or a wearable device. (r)20. The access control system of any of claims 17-19, comprising at least ac- O 15 cess to image data, preferably video image data, obtained by camera equip-ment substantially aimed towards the physical access device or associated O reader.21. An access control method (600), comprising: independently initiating (610, 408a, 516a), by an access control controller, a secure IP communication to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive (612) management by the server, wherein the management includes receipt of updated access right data; and controlling (604, 606, 608) a physical access of a physical access device by the access control controller, said access right data including indication of credentials for which access is to be granted and/or denied through the control of the physical access device, a credential indicated in the access right data being associated with stored temporal access right data comprising temporal validity or expiry infor-mation, and/or a numerical limit of access times, the stored access right data including indication of used access times or remaining access times.22. A computer program, comprising: programmable software code configured to, when executed on a computer, cause the program to independently initiate, by an access control controller, a secure IP communica-tion to an access control server, wherein communication between the controller and the server is controller originated only and during communication, the controller is configured to receive management by the server, wherein the management includes receipt of updated access right data; and control, by the access control controller, a physical access of a physical access device, wherein access right data includes indication of credentials for which access is (r) to be granted and/or denied through the control of the physical access device, a credential indicated in the access right data being further associated with O 15 stored temporal access right data comprising temporal validity or expiry infor-mation, and/or a numerical limit of access times, the stored access right data O including indication of used access times or remaining access times..
GB1509392.5A 2015-06-01 2015-06-01 Access control controller, related system, method and computer program Withdrawn GB2538963A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1509392.5A GB2538963A (en) 2015-06-01 2015-06-01 Access control controller, related system, method and computer program
ZA2016/03725A ZA201603725B (en) 2015-06-01 2016-06-01 Access control controller, related system, method and computer program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1509392.5A GB2538963A (en) 2015-06-01 2015-06-01 Access control controller, related system, method and computer program

Publications (2)

Publication Number Publication Date
GB201509392D0 GB201509392D0 (en) 2015-07-15
GB2538963A true GB2538963A (en) 2016-12-07

Family

ID=53677533

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1509392.5A Withdrawn GB2538963A (en) 2015-06-01 2015-06-01 Access control controller, related system, method and computer program

Country Status (2)

Country Link
GB (1) GB2538963A (en)
ZA (1) ZA201603725B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107492168A (en) * 2017-07-21 2017-12-19 厦门狄耐克智能科技股份有限公司 A kind of access control system of residential community and door opening method based on cloud service
EP3349186A1 (en) * 2017-01-12 2018-07-18 dormakaba Deutschland GmbH Method for the evaluation of at least one drive parameter

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008051075A2 (en) * 2006-09-11 2008-05-02 N.V. Nederlandsche Apparatenfabriek Nedap Acces control system
US20140298398A1 (en) * 2013-04-02 2014-10-02 Redcloud, Inc. Self-provisioning access control

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008051075A2 (en) * 2006-09-11 2008-05-02 N.V. Nederlandsche Apparatenfabriek Nedap Acces control system
US20140298398A1 (en) * 2013-04-02 2014-10-02 Redcloud, Inc. Self-provisioning access control

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3349186A1 (en) * 2017-01-12 2018-07-18 dormakaba Deutschland GmbH Method for the evaluation of at least one drive parameter
CN107492168A (en) * 2017-07-21 2017-12-19 厦门狄耐克智能科技股份有限公司 A kind of access control system of residential community and door opening method based on cloud service
CN107492168B (en) * 2017-07-21 2018-06-22 厦门狄耐克智能科技股份有限公司 A kind of access control system of residential community and door opening method based on cloud service

Also Published As

Publication number Publication date
ZA201603725B (en) 2017-08-30
GB201509392D0 (en) 2015-07-15

Similar Documents

Publication Publication Date Title
US11595479B2 (en) Web-cloud hosted unified physical security system
JP7051766B2 (en) Self-provisioning access control
US11480949B2 (en) Systems and methods for virtually tagging and securing industrial equipment
US10178508B1 (en) Real-time, location-aware mobile device data breach prevention
Aldawira et al. Door security system for home monitoring based on ESp32
EP3374918B1 (en) Access and automation control systems with mobile computing device
US10841303B2 (en) Apparatus and methods for micro-segmentation of an enterprise internet-of-things network
KR101274617B1 (en) Security control system and method thereof
KR101852599B1 (en) An entrance control system and method using an mobile device
US11145151B2 (en) Frictionless access control system for a building
KR101855494B1 (en) Door system and method using mobile device
CN111373453A (en) Entrance monitoring system with radio and face recognition mechanism
KR101765080B1 (en) smart door lock system based on iot and the method thereof
CA3080097A1 (en) Managing and controlling access to secured areas
GB2538963A (en) Access control controller, related system, method and computer program
KR102634961B1 (en) Method for management of accessing to user using recognition of object to face employing mobile terminal
EP3968682A1 (en) Authentication using wireless sensing
Kireeva et al. Organization of an Access Control System for Unattended Premises

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)