GB2605782A - An access control system and a method of operating same - Google Patents

Publication number
GB2605782A
Authority
GB
United Kingdom
Prior art keywords
access control
mobile telephone
control system
asset
user credential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB2105079.4A
Other versions
GB202105079D0 (en
Inventor
King David
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cruatech Ltd
Original Assignee
CDL Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CDL Technology Ltd
Priority to GB2105079.4A
Publication of GB202105079D0
Publication of GB2605782A
Status: Withdrawn

Abstract

An access control system for an asset 119, such as a building, comprises an access control server 111, at least one access control reader operable to detect a user credential 107, and an access control database 113 storing user credentials. The user credentials for the system users are set to disabled, by default. A mobile telephone identifier is associated with each of the user credentials and the location of the mobile telephone 105 monitored. When the mobile telephone is determined to be in proximity to the asset, the access control system enables the user credential associated with that mobile telephone and the user credentials can be verified if read. The system disables the user credentials once more when the mobile telephone is no longer in proximity to the asset. A geofence 101 may be used to determine if the mobile telephone is proximate the asset. Biometric authentication based upon data captured by the mobile telephone can be used. The system and method can be used with many different proprietary systems, such as RFID card reading systems, across an organization to provide additional security and control, adding an additional factor of authentication to the existing access process control system.

Description

"An access control system and a method of operating same"
Introduction
This invention relates to an access control system and a method of operating same.
More specifically, the invention relates to an access control system that can operate in conjunction with a plethora of other disparate access control systems and that addresses some of the shortcomings of some of the known access control systems.
Access control systems are used to protect access to assets such as, but not limited to, buildings, rooms within buildings, outdoor areas, machines, equipment and vehicles. The access control system prevents unauthorised access to, or use of, the asset. For example, access control systems are commonly used to control access of employees to their employer's building and even access to areas within those buildings may be restricted to certain employees. Generally speaking, the access control system will require a user to present a tag or a card such as a radio frequency identification (RFID) tag to an RFID reader at the entrance to the location. If the RFID tag is valid, a locking mechanism on a door or gate at the entrance will be temporarily disengaged, permitting access to the user.
Typically, a building will have a plurality of different RFID readers located at different locations around the building, all of which are connected to a common access control server. The access control server has a record of the RFID tags that are permitted access to the asset. When an RFID tag is presented to one of the RFID readers, the RFID reader will transmit that code to the access control server. If the code is valid, i.e. if the RFID tag is valid, the access control server will transmit a signal to disengage the locking mechanism, thereby permitting access to the holder of the RFID tag to the building or room. Although commonplace and very popular, there are however problems with the known solutions.
First of all, although the known systems offer a degree of security, they are not particularly secure. For example, it is not entirely uncommon for tags to be lost or temporarily mislaid and if found by a third party, that third party would be able to access the asset, at least until the loss of the tag was noticed. If the loss of the tag is not noticed for a lengthy period of time, this can present a significant risk to the manager/owner of the asset. Once it is recognised that the tag is lost, the RFID tag can be disabled. However, it can often take hours, if not days or weeks to identify that the tag has been lost. This represents a significant risk.
Secondly, it is not uncommon for workmates to share tags with other colleagues during the working day. For example, a colleague may be away from their desk without their tag on their person. Rather than go back to their desk to retrieve their own tag, they may borrow a tag from a colleague so that they can gain access through a particular door.
This somewhat obviates the whole point of having the tags in the first place as the person borrowing the tag may have access to areas that they would otherwise be prevented from accessing. Furthermore, if the tags are needed for tracking who had access to a particular asset at a particular time, or for employee location identification in the event of a fire, for example, this would render the information from the tags and the access control system unreliable. It is possible to provide access control systems with enhancements such as biometric identification capability however this significantly increases the cost of installation and operation of these systems.
Thirdly, in certain circumstances, it may be desirable to require different levels of security clearance for different areas within a building. For example, in a hospital, it may be desirable that every member of staff, medical, clerical and other staff, are able to gain access through the staff entrance into the hospital. However, it will be necessary that only certain members of staff have access to the drug dispensary or areas where radioactive materials are stored. Generally speaking, this requires two or more separate, independent access control systems to be implemented in the hospital which is expensive and inefficient.
It is an object of the present invention to provide an access control system and a method of operating the access control system that overcomes at least some of the above-identified problems. It is a further aspect of the present invention to provide an access control system and a method of operating same that provides a useful choice to the consumer.
Statements of Invention
According to the invention there is provided an access control system for an asset comprising an access control server, at least one access control reader operable to detect a user credential, the at least one access control reader being in communication with the access control server, and an access control database having at least one user credential stored thereon, the access control database being accessible by the access control server for retrieval of a user credential from the access control database and validation of a user credential presented to an access control reader with the user credential stored in the access control database, characterized in that: for each user credential stored in the access control database, the user credential is set to disabled by default for the asset, and in which there is a mobile telephone identifier associated with that user credential; the access control system further comprising means to identify the presence of a mobile telephone in the proximity of the asset, and means to enable the user credential associated with that mobile telephone only upon detection of the mobile telephone in the proximity of the asset.
By having such an access control system, two factor authentication will be introduced into the access control system, thereby providing an inherently more secure device.
Advantageously, this will be practically imperceptible to the users of the access control system. The user credentials stored in the access control database will be disabled by default. A mobile telephone associated with the user, a practically ubiquitous device carried by the users, will be used to determine when the user is in the vicinity of the asset, and when to enable the user credentials particular to that user. As the user approaches the asset, they will enter a proximity zone surrounding the asset and once identified, their user credentials will be enabled. If the user with their mobile telephone is not in the proximity of the asset, the user credentials will be disabled, thereby preventing use of their RFID fob to gain access to the asset. Therefore, if the user should lose their RFID fob (or other access device), an unscrupulous third party cannot thereafter use the lost RFID fob to gain access to the building unless the normal user of the RFID is already within the proximity of the asset themselves. This will provide a more secure system.
Advantageously, the system according to the invention may be used with one or more disparate access control systems already in existence in the organisation/facility/location. In other words, the access control system according to the invention can be integrated with one or more other access control systems, the access control system according to the invention being operable to enable or disable user credentials at a high level. The existing access control system may thereafter attend to the tasks that it usually performs, such as door entry, as it would normally do with the difference being that the otherwise acceptable user credentials may have been disabled at a high level before the existing access control system performs its function of checking those credentials and permitting or refusing access.
It will be understood that although an RFID fob has been described in the example of one form of device to provide a user credential to the access control system, the present invention is not solely limited to such an embodiment. Indeed, the user credentials could be an access code entered manually by the user into a keypad or other code transmitted using near field communications (NFC) or the like.
In one embodiment of the invention there is provided an access control system in which the means to identify the presence of a mobile telephone in the proximity of the asset comprises a geofence surrounding the asset operable to detect the presence of the mobile telephone inside the geofence. This is seen as a particularly effective and simple way in which to implement the present invention. The GPS co-ordinates (for outdoor systems) for the mobile telephone will be plotted and the geofence defined for the asset. Once the user with the mobile telephone comes within the geofence zone, they will be detected and their user credentials enabled.
In one embodiment of the invention there is provided an access control system in which at least one of the access control server and the access control database are located remotely from the asset. This is seen as a secure implementation of the present invention. Furthermore, this will allow the access control to be provided as a service by a third party. All software updates can be done remotely, users added, removed and asset properties (including geofence zones) updated in a secure facility off site.
In one embodiment of the invention there is provided an access control system in which at least one of the access control server and the access control database are cloud based. For example, it is envisaged that Microsoft® Azure® cloud services could be used to good effect.
In one embodiment of the invention there is provided an access control system in which the access control database comprises biometric data relating to the user having the user credential. By having biometric data, this can provide a more secure system than was otherwise the case. The biometrics, along with the user credentials and the presence of the mobile telephone within the geofence, can be used in conjunction to provide an even more secure system.
In one embodiment of the invention there is provided an access control system in which there is provided an API for the mobile telephone operable for communication with the access control server. The API will permit the user to update their details and register with the access control system so that the access control system knows the mobile telephone that is associated with a given user and user credentials.
In one embodiment of the invention there is provided an access control system in which the API is operable to capture biometric data of the operator of the mobile telephone and convey that biometric data to the access control server for authentication of the user. This is seen as a particularly simple and effective way of gathering biometric data without the need for additional dedicated hardware as part of the access control system.
In one embodiment of the invention there is provided an access control system in which the user credential is only enabled upon receipt of biometric data from the mobile telephone that corresponds to the biometric data relating to the user having that user credential stored in the access control database.
In one embodiment of the invention there is provided a method of operating an access control system of the type claimed in claims 1 to 8 comprising the steps of: setting all of the user credentials in the access control database to disabled by default; monitoring for the presence of a mobile telephone in the proximity of an asset; on detection of a mobile telephone, the access control server checking the access control database to determine if there is a user credential corresponding to that mobile telephone; and on the access control server determining that there is a user credential corresponding to that mobile telephone stored in the access control database, the access control server setting the user credential to enabled in the access control database.
In this way, the method will be more secure than was heretofore the case. The user credentials will only be enabled on detection of the mobile telephone associated with those user credentials being detected in the vicinity of the asset. Therefore, if the user with the mobile telephone is not within the vicinity of the asset, their user credentials cannot be used by a third party to gain access to the asset.
In one embodiment of the invention there is provided a method of operating an access control system in which the user credential corresponding to that mobile telephone stored in the access control database is set to enabled in the access control database upon receipt of biometric data that corresponds to biometric data associated with the user credentials and that mobile telephone in the access control database. This will provide an even more secure access control method. By requiring a biometric marker of the user, a very robust secure method is provided.
In one embodiment of the invention there is provided a method of operating an access control system in which the method comprises the step of receiving biometric data from the mobile telephone. This is seen as a simple way of gathering the biometric data from the individual without requiring additional hardware apparatus in the system.
In one embodiment of the invention there is provided a method of operating an access control system in which the method comprises the preliminary step of setting the parameters of a geofence surrounding the asset. In certain cases, it may be possible to simply plot GPS co-ordinates surrounding the asset and this can be set up quickly with the minimum of difficulty.
In one embodiment of the invention there is provided a method of operating an access control system in which the method comprises sending an access control request and user credential enablement requests to a remote access control server. This is seen as a secure way in which the invention may be implemented. Ideally, the access control request is sent to a remote access control server in the cloud.
In one embodiment of the invention there is provided a method of operating an access control system in which the method comprises receiving one of a plurality of types of user credential and comparing the received user credential from one of a plurality of types of user credential stored in the access control database. In this way, the method can operate using a plurality of disparate access control systems under one system and method. For example, a general system for access control to all employees in a hospital and a system for access to pharmacists in the drug dispensary can be controlled under the one method.
In one embodiment of the invention there is provided a method of operating an access control system in which on the mobile telephone leaving the proximity of the asset, the user credential stored in the access control database is set to disabled once more.
Detailed Description of the Invention
The invention will now be more clearly understood from the following description of some embodiments thereof given by way of example only with reference to the accompanying drawings, in which:
Figure 1 is a diagrammatic representation of a first embodiment of the access control system according to the invention;
Figure 2 is a diagrammatic representation of a second embodiment of a response platform component of the access control system according to the invention;
Figure 3 is a diagrammatic representation of a third embodiment of a response platform component of the access control system according to the invention;
Figure 4 is a diagrammatic representation of a fourth embodiment of a response platform component of the access control system according to the invention.
Referring to Figure 1, there is shown a diagrammatic representation of an access control system according to the invention, indicated generally by the reference numeral 100, installed in an asset location. The access control system 100 comprises a geofence 101 surrounding the asset location, represented by a circle around the asset for simplicity.
When a user 103(a) and their mobile telephone (not shown) are outside the geofence, their user credentials at the asset will be disabled, thereby preventing access to the asset using those user credentials. When the user 103(b) enters the geofence with their mobile telephone 105, the user credentials of the user will be enabled and their apparatus containing their user credentials, in this case an ID badge 107 with a barcode, magnetic strip, NFC chip or the like that can be received by the access control system at the asset to permit access to the asset, will be operable.
The access control system comprises a response platform 109 including an access control system server 111 and an access control system database 113 with user credential information stored thereon. An identity manager 115 is provided to allow integration of users and updating of the user credentials in the access control system database. The identity manager 115 has access to records 117 of the users' information, card data, alerts and event information. In use, if the user 103(b) is detected inside the geofence, the access control system will enable their user credentials for that asset and the user 103(b) can gain entry through door 119 or otherwise access an asset.
According to the present invention, a geofence is four or more points plotted on a graphical / geographical map around a building or specific location. This is created within the Response Platform application in a zone builder by drawing the points onto a map when setting up a zone. Those coordinates are persisted in a database as part of the zone metadata and become part of the information exchange on the Response Platform Rules engine. Rules engine services constantly monitor the last known phone location and based on two rules (in/out of area), the user's credentials are enabled or disabled.
The end user's phone will have Minder location services enabled in order to communicate with the intelligence engine.
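The in/out rule described above, as an added example (not code from the patent or from the Response Platform): a geofence stored as a list of plotted points, credentials disabled by default, and a rules engine that toggles them from the phone's last known location. The class and field names, the coordinates and the `max_fix_age_s` staleness cutoff are assumptions; the page does not say what happens when a phone stops reporting, and this sketch fails closed in that case.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

Point = Tuple[float, float]  # (latitude, longitude), decimal degrees


def point_in_polygon(p: Point, polygon: List[Point]) -> bool:
    """Ray-casting test, planar approximation (adequate at building scale)."""
    if len(polygon) < 4:
        raise ValueError("the page defines a geofence as four or more points")
    lat, lon = p
    inside = False
    j = len(polygon) - 1
    for i in range(len(polygon)):
        lat_i, lon_i = polygon[i]
        lat_j, lon_j = polygon[j]
        if (lat_i > lat) != (lat_j > lat):  # edge straddles the point's latitude
            cross = lon_i + (lat - lat_i) * (lon_j - lon_i) / (lat_j - lat_i)
            if lon < cross:
                inside = not inside
        j = i
    return inside


@dataclass
class Credential:
    credential_id: str                # value the reader sees (badge, fob, code)
    phone_id: str                     # mobile telephone identifier tied to it
    enabled: bool = False             # disabled by default
    last_fix: float = float("-inf")   # time of the last accepted location fix


class RulesEngine:
    def __init__(self, geofence: List[Point], max_fix_age_s: float = 120.0):
        self.geofence = geofence
        self.max_fix_age_s = max_fix_age_s  # assumption: not specified on the page
        self._by_phone: Dict[str, Credential] = {}
        self._by_credential: Dict[str, Credential] = {}
        self.audit: List[Tuple[float, str, str]] = []  # (time, phone_id, event)

    def register(self, credential_id: str, phone_id: str) -> Credential:
        cred = Credential(credential_id, phone_id)
        self._by_phone[phone_id] = cred
        self._by_credential[credential_id] = cred
        return cred

    def _set(self, cred: Credential, enabled: bool, now: float, event: str) -> None:
        if cred.enabled != enabled:  # log state changes only
            cred.enabled = enabled
            self.audit.append((now, cred.phone_id, event))

    def on_location(self, phone_id: str, pos: Point, fix_time: float, now: float) -> bool:
        """Apply the in/out-of-area rule to a reported phone location."""
        cred = self._by_phone.get(phone_id)
        if cred is None:
            return False  # phone not associated with any credential
        fresh = 0 <= now - fix_time <= self.max_fix_age_s
        if fresh:
            cred.last_fix = fix_time
        enable = fresh and point_in_polygon(pos, self.geofence)
        self._set(cred, enable, now, "enabled" if enable else "disabled")
        return cred.enabled

    def sweep(self, now: float) -> None:
        """Fail closed: a phone that stopped reporting is treated as gone."""
        for cred in self._by_phone.values():
            if cred.enabled and now - cred.last_fix > self.max_fix_age_s:
                self._set(cred, False, now, "disabled-stale")

    def validate_read(self, credential_id: str, now: float) -> bool:
        """Reader-side check: unknown or disabled credentials are refused."""
        self.sweep(now)
        cred = self._by_credential.get(credential_id)
        return cred is not None and cred.enabled


# Constructed sample data: a square fence and two test positions.
FENCE = [(53.3400, -6.2600), (53.3400, -6.2590),
         (53.3410, -6.2590), (53.3410, -6.2600)]
INSIDE, OUTSIDE = (53.3405, -6.2595), (53.3500, -6.2595)


def lost_badge_scenario():
    engine = RulesEngine(FENCE)
    engine.register("BADGE-001", "PHONE-A")
    reads = [engine.validate_read("BADGE-001", now=0)]       # never enabled
    engine.on_location("PHONE-A", OUTSIDE, fix_time=10, now=10)
    reads.append(engine.validate_read("BADGE-001", now=11))  # badge used, owner away
    engine.on_location("PHONE-A", INSIDE, fix_time=20, now=20)
    reads.append(engine.validate_read("BADGE-001", now=25))  # owner on site
    reads.append(engine.validate_read("BADGE-001", now=200)) # phone went silent
    engine.on_location("PHONE-A", INSIDE, fix_time=300, now=300)
    engine.on_location("PHONE-A", OUTSIDE, fix_time=310, now=310)
    reads.append(engine.validate_read("BADGE-001", now=311)) # owner left
    return reads, engine.audit


if __name__ == "__main__":
    print(lost_badge_scenario())
```

The third read is the residual exposure the description itself notes: a found badge works while its owner's phone is inside the fence, so the audit trail of enable/disable events is what a reviewer would correlate against door reads.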
Referring to Figure 2, there is shown a diagrammatic representation of an embodiment of access control system's Response Platform component according to the invention, indicated generally by the reference numeral 200, in which like parts have been given the same reference numeral as before. In Figure 2, the access control system 200 is located predominantly in the cloud. A third party access control system 201 is provided at the asset, and may be, for example, a door access control system that operates using RFID key fobs. A user mobile telephone 105 has an access control system application programming interface (API) thereon. In the present example, the API is a Firebase API as supplied by Google® Firebase® service 203.
The access control system's Response Platform component 200 comprises a rules engine 205, a relational database 113, in this instance provided by way of an Azure database, with a plurality of user credentials 207. The user credentials 207 are accessible over a secure communication channel 209 by an on-premises windows host 211. It will be understood that in this embodiment, the on-premises windows host 211 is accessible at the premises but can be cloud based. The windows host 211 comprises a service manager 213, a service manager wizard 215, and a pair of integration processes 217, 219, one (217) for the third party access control system 201 and the other (219) for a third party cloud service 221.
Referring to Figure 3, there is shown a diagrammatic representation of another embodiment of access control system according to the invention, indicated generally by the reference numeral 300, in which like parts have been given the same reference numeral as before. The access control system 300 is similar in many respects to the access control system of Figure 2 with the exception that there is provided a remotely located, accessible personal credential store 301. The on-premises windows host 211 is further provided physically on the asset or customer's premises behind a company firewall 303.
Referring to Figure 4, there is shown a diagrammatic representation of another embodiment of access control system's Response Platform component according to the invention, indicated generally by the reference numeral 400, in which like parts have been given the same reference numeral as before. The access control system 400 is similar in many respects to the access control system of Figures 2 and 3, with the exception that the rules engine 205, the access control system database 113, and the store of user credentials 207, along with the on-premises windows host 211, are all located physically on the asset or customer's premises behind a company firewall 401.
It will be understood from Figures 2 to 4 inclusive that certain parts of the system may be located remote from the asset or on location at or adjacent the location of the asset. This will enable differing levels of security, hardware, and access to the sensitive data of the user credentials.
Throughout the specification, reference is made to a mobile telephone. The user device may be a mobile telephone, a so-called smart phone, a tablet, a phablet, a laptop, or other device carried on the user's person that can be tracked that is separate from their normal form of user credentials.
It will be further understood that various parts of the present invention are performed in hardware and other parts of the invention may be performed either in hardware and/or software. It will be understood that the method steps and various components of the present invention will be performed largely in software and therefore the present invention extends also to computer programs, on or in a carrier, comprising program instructions for causing a computer or a processor to carry out steps of the method or provide functional components for carrying out those steps. The computer program may be in source code format, object code format or a format intermediate source code and object code. The computer program may be stored on or in a carrier, in other words a computer program product, including any computer readable medium, including but not limited to a floppy disc, a CD, a DVD, a memory stick, a tape, a RAM, a ROM, a PROM, an EPROM or a hardware circuit. In certain circumstances, a transmissible carrier such as a carrier signal when transmitted either wirelessly and/or through wire and/or cable could carry the computer program in which cases the wire and/or cable constitute the carrier.
It will be further understood that the present invention may be performed on two, three or more devices with certain parts of the invention being performed by one device and other parts of the invention being performed by another device. The devices may be connected together over a communications network. The present invention and claims are intended to also cover those instances where the system and/or method is operated across two or more devices or pieces of apparatus located in one or more locations. The apparatus and the locations may be in the same or different jurisdictions.
In this specification the terms "comprise, comprises, comprised and comprising" and the terms "include, includes, included and including" are all deemed totally interchangeable and should be afforded the widest possible interpretation.
The invention is not limited to the embodiments hereinbefore described but may be varied in both construction and detail within the scope of the appended claims.

Claims (1)

(1) An access control system for an asset comprising an access control server, at least one access control reader operable to detect a user credential, the at least one access control reader being in communication with the access control server, and an access control database having at least one user credential stored thereon, the access control database being accessible by the access control server for retrieval of a user credential from the access control database and validation of a user credential presented to an access control reader with the user credential stored in the access control database, characterized in that for each user credential stored in the access control database, the user credential is set to disabled by default for the asset, and in which there is a mobile telephone identifier associated with that user credential; the access control system further comprising means to identify the presence of a mobile telephone in the proximity of the asset, and means to enable the user credential associated with that mobile telephone only upon detection of the mobile telephone in the proximity of the asset.

(2) An access control system as claimed in claim 1 in which the means to identify the presence of a mobile telephone in the proximity of the asset comprises a geofence surrounding the asset operable to detect the presence of the mobile telephone inside the geofence.

(3) An access control system as claimed in claim 1 or 2 in which at least one of the access control server and the access control database are located remotely from the asset.

(4) An access control system as claimed in claim 3 in which at least one of the access control server and the access control database are cloud based.

(5) An access control system as claimed in any preceding claim in which the access control database comprises biometric data relating to the user having the user credential.

(6) An access control system as claimed in any preceding claim in which there is provided an API for the mobile telephone operable for communication with the access control server.

(7) An access control system as claimed in claim 6 in which the API is operable to capture biometric data of the operator of the mobile telephone and convey that biometric data to the access control server for authentication of the user.

(8) An access control system as claimed in claim 7 in which the user credential is only enabled upon receipt of biometric data from the mobile telephone that corresponds to the biometric data relating to the user having that user credential stored in the access control database.

(9) A method of operating an access control system of the type claimed in claims 1 to 8 comprising the steps of: setting all of the user credentials in the access control database to disabled by default; monitoring for the presence of a mobile telephone in the proximity of an asset; on detection of a mobile telephone, the access control server checking the access control database to determine if there is a user credential corresponding to that mobile telephone; and on the access control server determining that there is a user credential corresponding to that mobile telephone stored in the access control database, the access control server setting the user credential to enabled in the access control database.

(10) A method of operating an access control system as claimed in claim 9 in which the user credential corresponding to that mobile telephone stored in the access control database is set to enabled in the access control database upon receipt of biometric data that corresponds to biometric data associated with the user credentials and that mobile telephone in the access control database.

(11) A method of operating an access control system as claimed in claim 9 or 10 in which the method comprises the step of receiving biometric data from the mobile telephone.

(12) A method of operating an access control system as claimed in any one of claims 9 to 11 in which the method comprises the preliminary step of setting the parameters of a geofence surrounding the asset.

(13) A method of operating an access control system as claimed in any one of claims 9 to 12 in which the method comprises sending an access control request and user credential enablement requests to a remote access control server.

(14) A method of operating an access control system as claimed in any one of claims 9 to 13 in which the method comprises receiving one of a plurality of types of user credential and comparing the received user credential from one of a plurality of types of user credential stored in the access control database.

(15) A method of operating an access control system as claimed in any one of claims 9 to 14 in which on the mobile telephone leaving the proximity of the asset, the user credential stored in the access control database is set to disabled once more.
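The method of claims 9, 12 and 15 can be modelled as a small state machine. The sketch below is an added illustration, not code from the patent or the applicant; the class and method names, the circular geofence with a haversine distance test, and all identifiers and coordinates are assumptions, and the biometric step of claims 7, 8 and 10 is left out.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class Credential:
    card_id: str
    phone_id: str          # mobile telephone identifier tied to this credential
    enabled: bool = False  # disabled by default for the asset

class AccessControl:
    def __init__(self, centre, radius_m):
        self.centre, self.radius_m = centre, radius_m  # geofence parameters
        self.by_card, self.by_phone = {}, {}

    def enrol(self, card_id, phone_id):
        cred = Credential(card_id, phone_id)
        self.by_card[card_id] = self.by_phone[phone_id] = cred

    def _inside_geofence(self, lat, lon):
        # Haversine great-circle distance from the asset to the reported fix.
        lat0, lon0 = map(radians, self.centre)
        lat1, lon1 = radians(lat), radians(lon)
        h = (sin((lat1 - lat0) / 2) ** 2
             + cos(lat0) * cos(lat1) * sin((lon1 - lon0) / 2) ** 2)
        return 2 * 6_371_000 * asin(sqrt(h)) <= self.radius_m  # Earth radius, m

    def phone_position(self, phone_id, lat, lon):
        """Enable on entry, disable again on exit; unknown phones change nothing."""
        cred = self.by_phone.get(phone_id)
        if cred is None:
            return False
        cred.enabled = self._inside_geofence(lat, lon)
        return cred.enabled

    def present(self, card_id):
        """Reader validation: the credential must exist and be enabled right now."""
        cred = self.by_card.get(card_id)
        return cred is not None and cred.enabled

def demo():
    # Constructed sample data: coordinates, card and phone identifiers are made up.
    acs = AccessControl(centre=(53.3498, -6.2603), radius_m=100)
    acs.enrol("CARD-001", "PHONE-A")
    away = acs.present("CARD-001")            # card alone, phone not detected
    acs.phone_position("PHONE-A", 53.3500, -6.2603)
    on_site = acs.present("CARD-001")         # phone inside the geofence
    acs.phone_position("PHONE-A", 53.3600, -6.2603)
    left = acs.present("CARD-001")            # phone has left again
    return away, on_site, left
```

A card presented while its associated phone is outside the geofence is refused even though the credential exists in the database, which is the property the default-disabled setting provides.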
GB2105079.4A 2021-04-09 2021-04-09 An access control system and a method of operating same Withdrawn GB2605782A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2105079.4A GB2605782A (en) 2021-04-09 2021-04-09 An access control system and a method of operating same

Publications (2)

Publication Number Publication Date
GB202105079D0 GB202105079D0 (en) 2021-05-26
GB2605782A true GB2605782A (en) 2022-10-19

Family

ID=75949426

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2105079.4A Withdrawn GB2605782A (en) 2021-04-09 2021-04-09 An access control system and a method of operating same

Country Status (1)

Country Link
GB (1) GB2605782A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090027165A1 (en) * 2007-07-27 2009-01-29 Lucomm Technologies, Inc. Systems and methods for object localization and path identification based on rfid sensing
US20170148241A1 (en) * 2014-07-28 2017-05-25 Dan Kerning Security and Public Safety Application for a Mobile Device with Audio/Video Analytics and Access Control Authentication
US20170236345A1 (en) * 2016-02-11 2017-08-17 Telecommunication Systems, Inc Rfid lock
US20200357212A1 (en) * 2017-11-03 2020-11-12 Siemens Schweiz Ag System and Method for Controlling the Access of Persons
US20190236870A1 (en) * 2018-02-01 2019-08-01 Telus Communications Inc. System and method for mobile base station authentication

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)