WO2022191765A1 - Arrangement for managing, and communicating, an electronic key, and a system comprising the arrangement - Google Patents

Arrangement for managing, and communicating, an electronic key, and a system comprising the arrangement

Publication number
WO2022191765A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
user
interface
electronic key
mobile device
Prior art date
Application number
PCT/SE2022/050241
Other languages
French (fr)
Inventor
Pierre OSKARSSON
Original Assignee
Nordic Frameworks Ab
Priority date
Filing date
Publication date
Application filed by Nordic Frameworks Ab
Publication of WO2022191765A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00857 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G07C2209/00 Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/60 Indexing scheme relating to groups G07C9/00174 - G07C9/00944
    • G07C2209/63 Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle

Definitions

  • the present invention relates to an arrangement for managing, and communicating, an electronic key, of access systems, a system and an interface therefor, which may all be useful with regard to any suitable type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, or e.g. rental functions.
  • Access to resources such as assets, e.g. an access point (e.g. a door), may be controlled by an electronic access control system. It is known that a person may have a keycard or mobile device to provide their credentials to the access control system.
  • US2020314651 A relates to physical access control systems having credential location detection capabilities, wherein the systems may include a host server to which readers and actuators are connected in a centrally managed configuration. Further, said readers may obtain credentials from key devices (e.g., a radio frequency identification (RFID), or a personal electronic device) and pass those credentials to a host server. Further, the host server may determine whether the credentials authorize access to the secure area and commands the actuator accordingly.
  • the present invention relates to an arrangement for managing, and communicating, an electronic key, wherein the electronic key concerns access rights to a resource and for its access system
  • the arrangement comprises: a mobile device, wherein the mobile device comprises a software application, e.g. an app, wherein the software application is provided with a secure login and a capability to communicate electronic keys, and means for wireless communication; an interface, wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled, means for wireless communication, and means for communication with a key reader of an access activation system; and a remote server assembly, wherein the remote server assembly comprises means for communication and is, via an application programming interface (API), able to communicate with an access rights database of the access activation system; and wherein the arrangement further comprises that: the mobile device is able to communicate with the remote server assembly through a secure login, and the mobile device is, via the software application, able to communicate an electronic key, generated in the remote server assembly, to the interface, the remote server assembly is, via said API,
  • the arrangement for managing, and communicating, an electronic key in accordance with the present invention, as described herein, may be used with an external access system or with any other suitable system.
  • said external access system may, if necessary, be adapted for optimally functioning together with the arrangement for managing, and communicating, an electronic key, in accordance with the present invention.
  • the resource may, in accordance with the present invention, be any type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, and/or e.g. rental functions.
  • said "external access system" may, e.g., be an already existing system, or may, for example, be a newly deployed system.
  • the arrangement for managing, and communicating, an electronic key comprises a mobile device, wherein the mobile device may be any suitable device, for example, any type of wearable or wearable technology, e.g. a wearable computer, a hand-held computer device, a mobile telephone, e.g. a smartphone, tablet computer or a personal digital assistant (PDA).
  • the mobile device comprises a software application, e.g. an app, wherein the software application is provided with a secure login and the mobile device is, via the software application, able to communicate an electronic key.
  • a user is able to log in to the software application via a secure login service, i.e. the secure login. Further, by using unique data from the secure login service, the user will be paired with an existing user in the access rights database of the access system.
  • the existing user e.g. an employee, will have its information, for example, name, e-mail-address, and further user info, already in the access rights database.
  • the software application will compare the information from the secure login service with the information already in the access rights database.
  • a new electronic key will be generated in the remote server assembly and the new electronic key, is devoted to said user.
  • the new credential will then be sent to the user's mobile device and added as a new credential devoted to the user in the access system via an API.
  • the software application is, in accordance with the present invention, installed on the mobile device to enable functions comprising, but not limited to: establishing a connection with the remote server assembly through internet, and/or intranet, connections; handling secure login procedure via connected service; adding user to "the remote server assembly"; storing electronic key, generated in the remote server assembly, for Bluetooth, e.g. encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, connection; activating the mobile device to connect with interfaces when in reach; establishing connection with interface via Bluetooth or BLE; communicating with the remote server assembly through a secure login; communicating, i.e. sending, generated electronic key to interface; and/or logging and transmitting user actions and interface status to the remote server assembly.
  • the interface emulates, for example, a proximity card or a contactless smartcard.
  • the mobile device comprising the installed software application, may also be adapted with functionalities for, and may be used with, any suitable format, for example, any variant, or family, of Mifare formats or Prox EM formats.
  • the software application may also be adapted to be, and be used as, an extra layer of security (e.g. for biometric identification in the mobile device) to specific, or sensitive, resources.
  • the software application may also be adapted to be, and be used as, an optional proximity source to simplify access for disabled users or in conditions when the resource is out of reach, for instance at a garage gate.
  • the secure login may, for example, comprise a login via a BankID or Single sign-on (SSO), and/or said secure login may, e.g., comprise a login via an identity and access management (IAM) platform with links to e.g. Single sign-on (SSO) and electronic authentication like, e.g. Swedish BankID.
  • Identity and access management (IAM) is the practice of making sure that people and entities with digital identities have the right level of access to resources, e.g. enterprise resources like networks and databases. User roles and access privileges may be defined and managed through an IAM system.
  • the arrangement for managing, and communicating, an electronic key comprises an interface, wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled, means for wireless communication, and means for communication with a key reader of an access activation system.
  • electronic key may correspond, for example, to a mobile credential, mobile key, and/or electronic credential.
  • the interface comprises said means for detection of: a user and if pre-set user proximity requirements are fulfilled, wherein the means for detection comprises, for example, detection systems, and/or sensors, which may be used to detect proximity, motion, range, angle or velocity of objects, i.e. here user.
  • the detection systems, and/or sensors may, for example, be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.
  • the interface comprises said means for wireless communication, wherein the means for wireless communication, for example, comprises a Bluetooth interface which can be used to communicate with the mobile device.
  • the interface may suitably comprise a power supply, which may be connected to a power supply of the key reader or any other external source.
  • the interface may also comprise any suitable microcontroller (MCU) which may be used to process and control data and signals from/to the connected peripherals, i.e. the key reader and/or the mobile device.
  • the interface may further also comprise any suitable emulator that may be used to emulate the user credentials to be read by the key reader.
  • the interface as described herein, is ready to communicate with any mobile device that has the software application, e.g. an app, connected to the remote server assembly, e.g. a cloud, and thereby to communicate the key securely.
  • connection between the mobile device and the interface is established via the means for wireless communication, e.g. Bluetooth (BLE), and the generated electronic key is sent, i.e. is communicated.
  • When the interface receives the generated electronic key, it will forward it to the key reader via wireless communication, for example, wireless, and/or contactless, communication, e.g. RFID or NFC, or via any other suitable wireless method/standard.
  • the access activation system to which the key reader is connected will grant access to the resource depending on the access rights of the generated electronic key, i.e. the access rights of the user to which the user credential is attached.
  • the access rights to the resource are managed entirely by the access activation system.
  • the arrangement for managing, and communicating, an electronic key further comprises a remote server assembly, wherein the remote server assembly comprises means for communication and is, via an application programming interface (API), able to communicate with the access rights database of one or multiple access activation systems.
  • the remote server assembly comprises suitably server unit/s, computer storage medium unit/s, processor unit/s, database unit/s, memory unit/s, cloud unit/s, and communication unit/s. Further, the remote server assembly is able to generate electronic keys and to communicate, with, and via, clients comprising protocols, and with, and via, API/s, whereby the remote server assembly is enabled to communicate with the access rights database of one or multiple access activation systems.
  • the API may suitably be comprised in an external (already existing or new) access system or in any other suitable system. Further, the remote server assembly suitably communicates by means of client functions, e.g. clients comprising protocols, via the API.
  • the arrangement for managing, and communicating, an electronic key further comprises that the mobile device is able to communicate with the remote server assembly through a secure login, and the mobile device is, via the software application, able to communicate an electronic key, generated in the remote server assembly, to the interface.
  • the arrangement for managing, and communicating, an electronic key comprises that the remote server assembly is, via said API, then able to communicate said electronic key to said access rights database, and a generated electronic key, are communicable, via said API and via said remote server assembly, to said mobile device, thereby enabling said mobile device, via the software application, to communicate the generated electronic key, and enabling said interface to be prepared to communicate the generated electronic key to said key reader of said access activation system; and wherein the interface comprises means for installation, and wherein, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user if authorized.
  • the arrangement for managing, and communicating, an electronic key comprises that the interface comprises means for installation, and, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user, if authorized.
  • the interface as described herein, will suitably be installed in close proximity to the key reader for it to be able to read data from the interface.
  • the interface will suitably be installed in a secure, and protected, way, for example, inside a casing near the key reader and/or, for example, inside the key reader, for example, in the reader's enclosure or casing.
  • the interface makes it, surprisingly, possible to smoothly add the solution, i.e. the arrangement for managing, and communicating, an electronic key, as described herein, to any access rights system that uses MIFARE- or Prox EM formatted credentials.
  • the interface, as described herein, and the arrangement for managing, and communicating, an electronic key, as described herein, in accordance with the present invention enable the reuse of any existing hardware and software of access right systems, which saves tremendous amounts of resources and lessens the impact on the environment.
  • with electronic credentials in accordance with the interface, as described herein, and in accordance with the arrangement for managing, and communicating, an electronic key, as described herein, there will also be no need for traditional badges and plastic access cards.
  • an arrangement for managing, and communicating, an electronic key, as described herein, wherein the electronic key concerns access rights to a resource and for its access system, wherein the access system is an access system being external to the arrangement and already existing at the resource.
  • the access system which is external to the arrangement, may be an already existing access system, or may be a new access system.
  • the access system is an already existing access system.
  • an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the resource is selected from any type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, and/or e.g. rental functions.
  • an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the resource is an asset.
  • an arrangement for managing, and communicating, an electronic key, as described herein, comprises, for example, detection systems, and/or sensors, which may be used to detect proximity, motion, range, angle or velocity of objects, i.e. here user.
  • the detection systems, and/or sensors may, for example, be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology, and the detection systems, and/or sensors, may, for example, comprise motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.
  • an arrangement for managing, and communicating, an electronic key, as described herein is disclosed, wherein the means for detection comprises detection systems, and/or sensors, for example, comprising motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.
  • an arrangement for managing, and communicating, an electronic key, as described herein is disclosed, wherein the means for detection comprises the detection systems, and/or sensors, for example, using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.
  • An arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises motion sensors, or radar devices.
  • an arrangement for managing, and communicating, an electronic key as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises radar devices.
  • an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the interface is compatible with most access activation systems, especially all access activation systems comprising MIFARE formats or Prox EM formats.
  • Bluetooth for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, e.g. Radio-frequency identification (RFID), for example, near field communication (NFC), for example, Low-Power Wide-Area Networks (LPWAN) technologies, cellular technologies, Long Range (LoRa) technologies, Sigfox technologies, Long Term Evolution (LTE or LTE-M) technologies, Narrow-Band IoT (NB-IoT) technologies and/or, for example, short-range technologies, e.g. Wi-Fi technologies or, for example, ZigBee technologies.
  • Bluetooth for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, and/or Radio-frequency identification (RFID), for example, near field communication (NFC).
  • an arrangement for managing, and communicating, an electronic key, as described herein, wherein the interface is placeable in a secure, and protected, way, for example, inside a casing near the key reader and/or, for example, inside the key reader.
  • the present invention also relates to an arrangement for managing, and communicating, an electronic key, as described herein, wherein, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device is thereby, via the software application, enabled to communicate the generated electronic key to the key reader, when the user is detected, and the access activation system is then enabled to grant access to the resource to the user if authorized.
  • the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and thereby functioning as, and to be used as, an additional credential, for example, in conditions where the interface cannot be applied.
  • embodiments of the arrangement for managing, and communicating, an electronic key, in accordance with the present invention, relate to an arrangement, as described herein, wherein, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device is thereby, via the software application, enabled to communicate the generated electronic key to the key reader, when the user is detected, and the access activation system is then enabled to grant access to the resource to the user, if authorized.
  • the present invention also relates to a system for regulating access to a resource comprising an access system, being able to give access to the resource, wherein the access system comprises an access activation system, a key reader, an access rights database and, at least, one API, and wherein the system for regulating access to the resource further comprises an arrangement for managing, and communicating, an electronic key, as described herein.
  • the interface as described herein, comprised in, and/or communicating with, the system for regulating access to a resource, according to the present invention, is installed in close proximity to the access control system readers, i.e. the key readers, and possibly powered by their power supply.
  • Specific configurations, e.g. of proximity requirements, of the system may be done in the software application, e.g. the app, or in the remote server assembly's configuration tool and then pushed via mobile devices.
  • the interface as described herein, wherein the interface shall be paired with the specific system, e.g. the specific customer, in the application server, i.e. the remote server assembly, by a shared digital key. Said pairing may be done with NFC technology or by configuration in a system configuration/maintenance/service application in a mobile device.
  • the invention also relates to a method for managing and communicating an electronic key, wherein the electronic key is associated with access rights, for a user, to a resource and its access system, said method comprising the following steps: allowing a log in for said user, via a login process, to a mobile device; providing a credential for said user, thereby connecting said credential to said user, and generating an electronic key for said user, in a server assembly; transmitting said electronic key to said mobile device and to said access system; further transmitting said electronic key to an interface being configured for detecting said user and for communicating with said mobile device; forwarding said electronic key to a key reader forming part of said access system; and granting access to said resource after determining, in said access system, that pre-set requirements are fulfilled by said user.
  • the method may comprise the following steps: detecting the presence of the user; determining if pre-set proximity requirements are fulfilled; and, if this is the case, establishing a connection between said mobile device and said interface; and transmitting said key to said interface.
  • An advantage with the invention is that it may be implemented and integrated in an adaptable and flexible manner in existing systems, if needed.
  • This means that the invention may contribute to cost-effective solutions related to systems allowing access to many types of resources, for example such resources as mentioned initially.
  • the invention can be used for example in hotels, schools, hospitals, airports, office buildings, sports centres and in connection with many other types of buildings, properties, objects and scenarios in which access to different types of resources is provided.
  • Figure 1 illustrates a schematic view over an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also over an embodiment of the system for regulating access to a resource, as described herein, wherein the system comprises said arrangement.
  • Figure 2 illustrates a schematic view over an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also over an embodiment of the system for regulating access to a resource, as described herein, wherein the system comprises said arrangement.
  • Figure 3 is a schematic sequence diagram illustrating an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also an embodiment of the system for regulating access to a resource, as described herein.
  • Figure 4 is a schematic sequence diagram illustrating an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, in particular an embodiment for enrollment for a user.
  • Figure 1 illustrates a schematic view over an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also over an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10).
  • the arrangement (10) comprises a mobile device (20), wherein the mobile device (20) comprises a software application (21), e.g. an app, wherein the software application (21) is provided with a secure login (22) and a capability to communicate electronic keys, and means for wireless communication (23). Further, the arrangement (10) also comprises an interface (30), wherein the interface (30) comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52) of the access system (51), e.g. here the external access system (51).
  • the arrangement (10) also comprises a remote server assembly (40), wherein the remote server assembly (40) comprises means for communication and is, via an application programming interface (API) (50), able to communicate with an access rights database (55) of the access activation system (52).
  • a user (200) is able to log in to the software application (21) via a secure login service, i.e. the secure login (22). Further, the user (200) is paired with an existing user in the access rights database (55) of the access system (51).
  • the software application (21) compares the information from the secure login service with the information already in the access rights database (55).
  • a new credential, and an electronic key (150) are generated in the remote server assembly (40) and devoted to said user (200).
  • the electronic key (150) is then sent to the user's mobile device (20) and added as an electronic key devoted to the user (200) in the access system (51) via an API (50).
  • the software application (21) being installed on the mobile device (20), enables functions comprising establishing a connection with the remote server assembly (40) through internet, and/or intranet, connections; handling secure login (22) procedure via connected service, and storing user credential generated via the secure login (22); adding user to the remote server assembly (40); storing credential, generated in the remote server assembly (40), and electronic key (150), for Bluetooth, e.g. encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g.
  • the arrangement (10) for managing, and communicating, an electronic key (150), comprises an interface (30), wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52).
  • the means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), comprises detection systems (31), and/or sensors (31), which is used to detect proximity, motion, range, angle or velocity of objects, i.e. here user (200).
  • the detection systems (31), and/or sensors (31) may be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.
  • the interface (30) comprises means for wireless communication (33) comprising a Bluetooth interface which is used to communicate with the mobile device (20).
  • the interface (30) communicates with the mobile device (20) comprising the software application, here the app, (21), being connected to the remote server assembly (40), e.g. a cloud, and thereby communicates the electronic key (150) securely.
  • connection between the mobile device (20) and the interface (30) is established via the means for wireless communication (33), e.g. Bluetooth (BLE), and the generated electronic key (150) is sent, i.e. is communicated.
  • When the interface (30) receives the generated electronic key (150), it will forward it to the key reader (53) via means for communication (34), e.g. via means for wireless communication (34).
  • credential refers to a set of data which is related to the electronic key 150 and the user 200.
  • the access system 51 is consequently configured for granting access for the user 200.
  • the electronic key 150 is transmitted to the key reader 53 of the access system 51 for determining whether the user 200 in question should be granted access to the resource. This means that decisions regarding said access is normally not taken within the interface 30.
  • the method may comprise the following steps:
  • the interface 30 is configured for detecting the presence of the mobile device 20 of the user 200.
  • the mobile device 20 can also be configured for detecting the presence of the interface 30.
  • the electronic key 150 can be transmitted to the interface 30 either after the proximity requirements have been detected, or can alternatively be transmitted to the interface 30 before the proximity requirements have been actuated.
  • the electronic key 150 is transmitted from the interface 30 to the key reader 53 in the access system 51 in order to grant access to the resource if the user 200 is authorized for such access.
  • the above-mentioned interface 30 is configured to operate as a bridge for communication between the mobile device 20 and the interface 30, and also for communication between the interface 30 and the access system 51. In this manner, the interface 30 bridges the connection for the user 200, via the mobile device 20 and the interface 30, to the access system 51 and the access activation system 52 so as to obtain access to the resource in question.
  • the interface 30 is configured for detecting whether the user 200 is physically close to the interface 30 and is configured for transmitting the electronic key 150 to the key reader 53 if the pre-set proximity requirements are met by the user 200.
  • This bridging function of the interface 30 is that it can be added to an existing access rights system for virtually any type of resource, providing the functionality of electronic keys, to which access could be granted if pre-determined requirements are met. This contributes to a cost-effective solution for granting access to said resource.
  • a further advantage of the arrangement and method according to this disclosure is that it may be used alongside an existing resource access system, which for example may be based on physical key cards which are used for unlocking the resources via said key reader. This makes it possible to enable a possibility to use both electronic keys and physical keys at the same time and in the same resource access system.
  • Figure 2 illustrates a schematic view over an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also over an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10), all as in Figure 1.
  • the user (200) utilises a biometric identification in the mobile device (20), and that the user (200) then approaches the resource, key reader (53) and the interface (30).
  • the mobile device (20) and the interface (30) are comprised in the arrangement (10) for managing, and communicating, an electronic key (150).
  • the remote server assembly (40), also comprised in the arrangement (10), is not shown in Figure 2.
  • the interface 30 is suitably configured so as to be integrated within an existing resource access system 51. More precisely, the interface 30 can be positioned within the key reader 53 and be connected to the same voltage supply as the key reader 53. Being arranged in such manner, the interface 30 can be configured by a technician as regards for example detection of the presence of users 200 and similar parameters. The interface 30 can also be connected to other systems within this concept so as to provide the functionality described above.
  • Figure 3 is a schematic sequence diagram illustrating an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10), all as in Figures 1 and 2.
  • Figure 3 thus illustrates an exemplified embodiment of the sequence for regulating access to a resource in connection to the arrangement (10), and to the system (100), both in accordance with the present invention.
  • the access system (External access system) (51) comprises a key reader (Reader) (53) and a "Central unit".
  • Figure 4 teaches a schematic sequence diagram illustrating an embodiment of the arrangement and method for managing, and communicating, an electronic key 150, as described herein.
  • Figure 4 teaches an enrollment process in which a user 200 may provide user information in a login process, after which user information is transmitted to the remote server 40, in which an electronic key 150 is generated.
  • the electronic key 150 can be transmitted to the access system 51 (in an external system) and also to the mobile device 20.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Telephone Set Structure (AREA)

Abstract

The invention concerns an arrangement (10) for managing, and communicating, an electronic key (150), the arrangement (10) comprises: a mobile device (20), the mobile device (20) comprising software application (21) with secure login (22) and capability to communicate electronic keys, and means for wireless communication (23); an interface (30), comprising means for detection of: a user and if proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with key reader (53) of access activation system (52); and a remote server assembly (40) comprising means for communication and able to communicate with access rights database (55). The invention also relates to a system for regulating access to a resource and an interface for enabling communication of an electronic key.

Description

ARRANGEMENT FOR MANAGING, AND COMMUNICATING, AN ELECTRONIC KEY, AND A SYSTEM COMPRISING THE ARRANGEMENT
TECHNICAL FIELD
The present invention relates to an arrangement for managing, and communicating, an electronic key, of access systems, a system and an interface, therefore, which may all be useful with regard to any suitable type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, or e.g. rental functions.
BACKGROUND ART
Access to resources, such as assets, e.g. an access point (e.g. a door), may be controlled by an electronic access control system. It is known that a person may have a keycard or mobile device to provide their credentials to the access control system.
Moreover, for example US2020314651 A relates to physical access control systems having credential location detection capabilities, wherein the systems may include a host server to which readers and actuators are connected in a centrally managed configuration. Further, said readers may obtain credentials from key devices (e.g., a radio frequency identification (RFID), or a personal electronic device) and pass those credentials to a host server. Further, the host server may determine whether the credentials authorize access to the secure area and commands the actuator accordingly.
However, there is still a need for sustainable and environment friendly solutions in relation to access control systems.
DESCRIPTION OF THE INVENTION
The present invention relates to an arrangement for managing, and communicating, an electronic key, wherein the electronic key concerns access rights to a resource and for its access system, wherein the arrangement comprises: a mobile device, wherein the mobile device comprises a software application, e.g. an app, wherein the software application is provided with a secure login and a capability to communicate electronic keys, and means for wireless communication; an interface, wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled, means for wireless communication, and means for communication with a key reader of an access activation system; and a remote server assembly, wherein the remote server assembly comprises means for communication and is, via an application programming interface (API), able to communicate with an access rights database of the access activation system; and wherein the arrangement further comprises that: the mobile device is able to communicate with the remote server assembly through a secure login, and the mobile device is, via the software application, able to communicate an electronic key, generated in the remote server assembly, to the interface, the remote server assembly is, via said API, then able to communicate said electronic key to said access rights database, and the execution of the validation, and a generated electronic key, are communicable, via said API and via said remote server assembly, to said mobile device, thereby enabling said mobile device, via the software application, to communicate the generated electronic key, and enabling said interface to be prepared to communicate the generated electronic key to said key reader of said access activation system; and wherein the interface comprises means for installation, and, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user if authorized.
The arrangement for managing, and communicating, an electronic key, in accordance with the present invention, as described herein, may be used with an external access system or with any other suitable system.
Further, said external access system may, if necessary, be adapted for optimally functioning together with the arrangement for managing, and communicating, an electronic key, in accordance with the present invention.
The resource may, in accordance with the present invention, be any type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, and/or e.g. rental functions.
Furthermore, said "external access system" may, e.g., be an already existing system, or may, for example, be a newly deployed system.
Further, the arrangement for managing, and communicating, an electronic key, as described herein, comprises a mobile device, wherein the mobile device may be any suitable device, for example, any type of wearable or wearable technology, e.g. a wearable computer, a hand-held computer device, a mobile telephone, e.g. a smartphone, tablet computer or a personal digital assistant (PDA).
The mobile device, as described herein, comprises a software application, e.g. an app, wherein the software application is provided with a secure login and the mobile device is, via the software application, able to communicate an electronic key. A user is able to log in to the software application via a secure login service, i.e. the secure login. Further, by using unique data from the secure login service, the user will be paired with an existing user in the access rights database of the access system. The existing user, e.g. an employee, will have its information, for example, name, e-mail address, and further user info, already in the access rights database. The software application will compare the information from the secure login service with the information already in the access rights database. A new electronic key will be generated in the remote server assembly, and the new electronic key is devoted to said user. The new credential will then be sent to the user's mobile device and added as a new credential devoted to the user in the access system via an API.
The software application is, in accordance with the present invention, installed on the mobile device to enable functions comprising, but not limited to: establishing a connection with the remote server assembly through internet, and/or intranet, connections; handling secure login procedure via connected service; adding user to "the remote server assembly"; storing electronic key, generated in the remote server assembly, for Bluetooth, e.g. encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, connection; activating the mobile device to connect with interfaces when in reach; establishing connection with interface via Bluetooth or BLE; communicating with the remote server assembly through a secure login; communicating, i.e. sending, generated electronic key to interface; and/or logging and transmitting user actions and interface status to the remote server assembly. How user credentials are generated is depending on credential setup, and capabilities, of each individual access rights system or access system. The interface emulates, for example, a proximity card or a contactless smartcard. Further, the mobile device, comprising the installed software application, may also be adapted with functionalities for, and may be used with, any suitable format, for example, any variant, or family, of Mifare formats or Prox EM formats.
Further, the software application may also be adapted to be, and be used as, an extra layer of security (e.g. for biometric identification in the mobile device) to specific, or sensitive, resources.
Furthermore, the software application may also be adapted to be, and be used as, an optional proximity source to simplify access for disabled users or in conditions when the resource is out of reach, for instance at a garage gate.
The secure login may, for example, comprise a login via a BankID or Single sign-on (SSO), and/or said secure login may, e.g., comprise a login via an identity and access management (IAM) platform with links to e.g. Single sign-on (SSO) and electronic authentication like, e.g. Swedish BankID. Identity and access management (IAM) is the practice of making sure that people and entities with digital identities have the right level of access to resources, e.g. enterprise resources like networks and databases. User roles and access privileges may be defined and managed through an IAM system.
Further the arrangement for managing, and communicating, an electronic key, as described herein, comprises an interface, wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled, means for wireless communication, and means for communication with a key reader of an access activation system.
Furthermore, the term "electronic key" may correspond, for example, to a mobile credential, mobile key, and/or electronic credential.
The interface, as described herein, comprises said means for detection of: a user and if pre-set user proximity requirements are fulfilled, wherein the means for detection comprises, for example, detection systems, and/or sensors, which may be used to detect proximity, motion, range, angle or velocity of objects, i.e. here user. The detection systems, and/or sensors, may, for example, be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.
Further, the interface comprises said means for wireless communication, wherein the means for wireless communication, for example, comprises a Bluetooth interface which can be used to communicate with the mobile device.
The interface, as described herein, may suitably comprise a power supply, which may be connected to a power supply of the key reader or any other external source.
Further, the interface may also comprise any suitable microcontroller (MCU) which may be used to process and control data and signals from/to the connected peripherals, i.e. the key reader and/or the mobile device. Moreover, the interface may further also comprise any suitable emulator that may be used to emulate the user credentials to be read by the key reader. Further, the interface, as described herein, is ready to communicate with any mobile device that has the software application, e.g. an app, connected to the remote server assembly, e.g. a cloud, and thereby to communicate the key securely.
Furthermore, when the pre-set proximity requirements are fulfilled, connection between the mobile device and the interface is established via the means for wireless communication, e.g. Bluetooth (BLE), and the generated electronic key is sent, i.e. is communicated.
When the interface receives the generated electronic key, it will forward it to the key reader via wireless communication, for example, wireless, and/or contactless, communication, e.g. RFID or NFC, or via any other suitable wireless method/standard.
The access activation system, to which the key reader is connected, will grant access to the resource depending on the generated electronic key, i.e. the user's, to which the user credential is attached, access rights.
The access rights to the resource are managed entirely by the access activation system.
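The enrollment and access sequence described above, as a minimal Python model added here for illustration (it is not code from the patent or the applicant). Class and method names, pairing by e-mail address, the random hex key and the 1.5 m proximity threshold are assumptions; the description does not specify a key format or transport details.

```python
# Added illustration: toy model of the flow between server (40), interface (30),
# key reader (53) and access rights database (55). All names are assumptions.
import secrets
from dataclasses import dataclass, field


@dataclass
class AccessRightsDatabase:
    """Stands in for the access rights database (55) of the access system."""
    users: dict = field(default_factory=dict)  # e-mail -> user name (existing users)
    keys: dict = field(default_factory=dict)   # electronic key -> e-mail

    def add_key(self, email, key):
        # Models the API (50) call that adds a key for an existing user.
        if email not in self.users:
            raise KeyError(f"no such user in access rights database: {email}")
        self.keys[key] = email

    def is_authorized(self, key):
        return key in self.keys


class RemoteServerAssembly:
    """Remote server assembly (40): pairs a login identity and generates the key."""

    def __init__(self, db):
        self.db = db

    def enroll(self, login_identity):
        # Pair the secure-login identity with an existing user (assumed: by e-mail).
        email = login_identity["email"]
        if email not in self.db.users:
            return None  # no existing user to pair with, so no key is generated
        key = secrets.token_hex(16)   # assumed key format
        self.db.add_key(email, key)   # key goes to the access system via the API
        return key                    # and to the user's mobile device


class KeyReader:
    """Key reader (53): the access system behind it takes the access decision."""

    def __init__(self, db):
        self.db = db
        self.presented = []  # record of every key the reader has seen

    def present(self, key):
        self.presented.append(key)
        return self.db.is_authorized(key)


class Interface:
    """Interface (30): bridges mobile device and reader, gated on proximity."""

    def __init__(self, reader, max_distance_m=1.5):
        self.reader = reader
        self.max_distance_m = max_distance_m  # assumed pre-set proximity requirement
        self._pending = None

    def receive_key(self, key):
        # The key may arrive before or after the proximity requirement is met.
        self._pending = key

    def update_proximity(self, distance_m):
        """Forward the pending key once the user is close enough.

        Returns the reader's decision, or None if nothing was forwarded.
        The interface itself never decides whether access is granted.
        """
        if self._pending is None or distance_m > self.max_distance_m:
            return None
        key, self._pending = self._pending, None  # forward once, then forget
        return self.reader.present(key)


if __name__ == "__main__":
    # Constructed sample data.
    db = AccessRightsDatabase(users={"alice@example.test": "Alice"})
    server, reader = RemoteServerAssembly(db), KeyReader(db)
    iface = Interface(reader)

    key = server.enroll({"email": "alice@example.test"})
    iface.receive_key(key)
    print("far away :", iface.update_proximity(4.0))
    print("close    :", iface.update_proximity(0.8))
```

The model keeps the access decision in the reader and database, matching the statement that access rights are managed entirely by the access activation system.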
The arrangement for managing, and communicating, an electronic key, as described herein, further comprises a remote server assembly, wherein the remote server assembly comprises means for communication and is, via an application programming interface (API), able to communicate with the access rights database of one or multiple access activation systems.
The remote server assembly comprises suitably server unit/s, computer storage medium unit/s, processor unit/s, database unit/s, memory unit/s, cloud unit/s, and communication unit/s. Further, the remote server assembly is able to generate electronic keys and to communicate, with, and via, clients comprising protocols, and with, and via, API/s, whereby the remote server assembly is enabled to communicate with the access rights database of one or multiple access activation systems. The API may suitably be comprised in an external (already existing or new) access system or in any other suitable system. Further, the remote server assembly suitably communicates by means of client functions, e.g. clients comprising protocols, via the API.
Further, the arrangement for managing, and communicating, an electronic key, as described herein, further comprises that the mobile device is able to communicate with the remote server assembly through a secure login, and the mobile device is, via the software application, able to communicate an electronic key, generated in the remote server assembly, to the interface.
Further, the arrangement for managing, and communicating, an electronic key, as described herein, comprises that the remote server assembly is, via said API, then able to communicate said electronic key to said access rights database, and a generated electronic key, are communicable, via said API and via said remote server assembly, to said mobile device, thereby enabling said mobile device, via the software application, to communicate the generated electronic key, and enabling said interface to be prepared to communicate the generated electronic key to said key reader of said access activation system; and wherein the interface comprises means for installation, and wherein, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user if authorized.
Moreover, the arrangement for managing, and communicating, an electronic key, in accordance with the present invention, and as described herein, comprises that the interface comprises means for installation, and, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user, if authorized.
The interface, as described herein, will suitably be installed in close proximity to the key reader for it to be able to read data from the interface.
The interface, as described herein, will suitably be installed in a secure, and protected, way, for example, inside a casing near the key reader and/or, for example, inside the key reader, for example, in the reader's enclosement or casing.
The interface, as described herein, makes it, surprisingly, possible to smoothly add the solution, i.e. the arrangement for managing, and communicating, an electronic key, as described herein, to any access rights system that uses MIFARE- or Prox EM formatted credentials. Thus, the interface, as described herein, and the arrangement for managing, and communicating, an electronic key, as described herein, in accordance with the present invention, enable the reuse of any existing hardware and software of access right systems, which saves tremendous amounts of resources and lessens the impact on the environment. Further, by using electronic credentials in accordance with the interface, as described herein, and in accordance with the arrangement for managing, and communicating, an electronic key, as described herein, there will also be no need for traditional badges and plastic access cards.
In embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the electronic key concerns access rights to a resource and for its access system, wherein the access system is an access system being external to the arrangement and already existing at the resource.
The access system, which is external to the arrangement, may be an already existing access system, or may be a new access system.
In further embodiments, the access system is an already existing access system.
In still further embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the resource is selected from any type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, and/or e.g. rental functions.
In particular embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the resource is an asset.
In accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises, for example, detection systems, and/or sensors, which may be used to detect proximity, motion, range, angle or velocity of objects, i.e. here user. The detection systems, and/or sensors, may, for example, be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology, and the detection systems, and/or sensors, may, for example, comprise motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.
In further embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection comprises detection systems, and/or sensors, for example, comprising motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.
In even further embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection comprises the detection systems, and/or sensors, for example, using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.
An arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises motion sensors, or radar devices.
Further, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises radar devices.
Furthermore, also in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the interface is compatible with most access activation systems, especially all access activation systems comprising MIFARE formats or Prox EM formats.
An arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for communication with the key reader comprises e.g. Bluetooth, for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, e.g. Radio-frequency identification (RFID), for example, near field communication (NFC), for example, Low-Power Wide-Area Networks (LPWAN) technologies, cellular technologies, Long Range (LoRa) technologies, Sigfox technologies, Long Term Evolution (LTE or LTE-M) technologies, Narrow-Band IoT (NB-IoT) technologies and/or, for example, short-range technologies, e.g. Wi-Fi technologies or, for example, ZigBee technologies.
Further, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for communication with the key reader utilises Bluetooth, for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, and/or Radio-frequency identification (RFID), for example, near field communication (NFC).
In accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the interface is placeable in a secure, and protected, way, for example, inside a casing near the key reader and/or, for example, inside the key reader.
Further, the present invention also relates to an arrangement for managing, and communicating, an electronic key, as described herein, wherein, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device is thereby, via the software application, enabled to communicate the generated electronic key to the key reader, when the user is detected, and the access activation system is then enabled to grant access to the resource to the user if authorized.
In further embodiments in accordance with the present invention of the arrangement for managing, and communicating, an electronic key, as described herein, and in situations, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and thereby functioning as, and to be used as, an additional credential, for example, in conditions where the interface cannot be applied.
Further embodiments of the arrangement for managing, and communicating, an electronic key, in accordance with the present invention, relate to an arrangement, as described herein, wherein, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device is thereby, via the software application, enabled to communicate the generated electronic key to the key reader, when the user is detected, and the access activation system is then enabled to grant access to the resource to the user, if authorized.
The present invention also relates to a system for regulating access to a resource comprising an access system, being able to give access to the resource, wherein the access system comprises an access activation system, a key reader, an access rights database and, at least, one API, and wherein the system for regulating access to the resource further comprises an arrangement for managing, and communicating, an electronic key, as described herein.
The interface as described herein, comprised in, and/or communicating with, the system for regulating access to a resource, according to the present invention, is installed in close proximity of the access control system readers, i.e. the key readers, and possibly powered by their power supply. Specific configurations of, e.g. proximity requirements, of the system may be done in the software application, e.g. the app, or in the remote server assembly's configuration tool and then pushed via mobile devices.
The interface, as described herein, shall be paired with the specific system, e.g. the specific customer, in the application server, i.e. the remote server assembly, by a shared digital key. Said pairing may be done with NFC technology or by configuration in a system configuration/maintenance/service application in a mobile device.
The invention also relates to a method for managing and communicating an electronic key, wherein the electronic key is associated with access rights, for a user, to a resource and its access system, said method comprising the following steps: allowing a log in for said user, via a login process, to a mobile device; providing a credential for said user, thereby connecting said credential to said user, and generating an electronic key for said user, in a server assembly; transmitting said electronic key to said mobile device and to said access system; further transmitting said electronic key to an interface being configured for detecting said user and for communicating with said mobile device; forwarding said electronic key to a key reader forming part of said access system; and granting access to said resource after determining, in said access system, that pre-set requirements are fulfilled by said user.
According to an embodiment, the method may comprise the following steps: detecting the presence of the user; determining if pre-set proximity requirements are fulfilled; and, if this is the case; establishing a connection between said mobile device and said interface; and transmitting said key to said interface.
An advantage of the invention is that it may be implemented and integrated in an adaptable and flexible manner in existing systems, if needed. This means that the invention may contribute to cost-effective solutions related to systems allowing access to many types of resources, for example such resources as mentioned initially. The invention can be used for example in hotels, schools, hospitals, airports, office buildings, sports centres and in connection with many other types of buildings, properties, objects and scenarios in which access to different types of resources is provided.
BRIEF DESCRIPTION OF DRAWINGS
Aspects of the invention will be described in greater detail with reference to the embodiments that are shown in the drawings, in which
Figure 1 illustrates a schematic view over an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also over an embodiment of the system for regulating access to a resource, as described herein, wherein the system comprises said arrangement.
Figure 2 illustrates a schematic view over an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also over an embodiment of the system for regulating access to a resource, as described herein, wherein the system comprises said arrangement.
Figure 3 is a schematic sequence diagram illustrating an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also an embodiment of the system for regulating access to a resource, as described herein.
Figure 4 is a schematic sequence diagram illustrating an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, in particular an embodiment for enrollment for a user.
DETAILED DESCRIPTION
The embodiments of the present invention as described in the following are to be regarded only as examples and are in no way intended to limit the scope of the present invention.
Figure 1 illustrates a schematic view over an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also over an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10).
Further, the electronic key (150) concerns access rights to a resource and for its access system (51), e.g. here an external access system (51). The arrangement (10) comprises a mobile device (20), wherein the mobile device (20) comprises a software application (21), e.g. an app, wherein the software application (21) is provided with a secure login (22) and a capability to communicate electronic keys, and means for wireless communication (23). Further, the arrangement (10) also comprises an interface (30), wherein the interface (30) comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52) of the access system (51), e.g. here the external access system (51). Furthermore, the arrangement (10) also comprises a remote server assembly (40), wherein the remote server assembly (40) comprises means for communication and is, via an application programming interface (API) (50), able to communicate with an access rights database (55) of the access activation system (52). A user (200) is able to log in to the software application (21) via a secure login service, i.e. the secure login (22). Further, the user (200) is paired with an existing user in the access rights database (55) of the access system (51). The software application (21) compares the information from the secure login service with the information already in the access rights database (55). A new credential, and an electronic key (150), are generated in the remote server assembly (40) and devoted to said user (200). The electronic key (150) is then sent to the user's mobile device (20) and added as an electronic key devoted to the user (200) in the access system (51) via an API (50). 
The software application (21), being installed on the mobile device (20), enables functions comprising establishing a connection with the remote server assembly (40) through internet, and/or intranet, connections; handling secure login (22) procedure via connected service, and storing user credential generated via the secure login (22); adding user to the remote server assembly (40); storing credential, generated in the remote server assembly (40), and electronic key (150), for Bluetooth, e.g. encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, connection; activating the mobile device (20) to connect with interfaces when in reach; establishing connection with interface (30) via Bluetooth or BLE; sending user credential, generated via the secure login (22), to the remote server assembly (40); communicating, i.e. sending, generated electronic key (150) to interface (30); and/or logging and transmitting user actions and interface status to the remote server assembly (40).
Further in Figure 1, the arrangement (10) for managing, and communicating, an electronic key (150), comprises an interface (30), wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52). The means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), comprises detection systems (31), and/or sensors (31), which are used to detect proximity, motion, range, angle or velocity of objects, i.e. here user (200). The detection systems (31), and/or sensors (31), may use infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology. Further, the interface (30) comprises means for wireless communication (33) comprising a Bluetooth interface which is used to communicate with the mobile device (20). The interface (30) communicates with the mobile device (20) comprising the software application, here the app, (21), being connected to the remote server assembly (40), e.g. a cloud, and thereby communicates the electronic key (150) securely.
Furthermore, when the pre-set proximity requirements are fulfilled (31), connection between the mobile device (20) and the interface (30) is established via the means for wireless communication (33), e.g. Bluetooth (BLE), and the generated electronic key (150) is sent, i.e. is communicated.
When the interface (30) receives the generated electronic key (150), it will forward it to the key reader (53) via means for communication (34), e.g. via means for wireless communication (34).
The access activation system (52), to which the key reader (53) is connected, grants access (160) to the resource depending on the generated electronic key (150), i.e. the user's (200), to which the user credential is attached, access rights.
In summary, and according to an aspect of this disclosure, a method is provided for managing and communicating an electronic key 150, wherein the electronic key 150 is associated with access rights, for a user 200, to a resource and its access system 51, said method comprising the following steps:
- allowing a log in for said user 200, via a login process, to a mobile device 20;
- providing a credential for said user 200, thereby connecting said credential to said user 200, and generating an electronic key 150 for said user 200, in a server assembly 40;
- transmitting said electronic key 150 to said mobile device 20 and to said access system 51;
- further transmitting said electronic key 150 to an interface 30 being configured for detecting said user 200 and for communicating with said mobile device 20;
- forwarding said electronic key 150 to a key reader 53 forming part of said access system 51; and
- granting access to said resource after determining, in said access system 51, that pre-set requirements are fulfilled by said user 200.
The term "credential" refers to a set of data which is related to the electronic key 150 and the user 200. According to an embodiment, the access system 51 is consequently configured for granting access for the user 200. The electronic key 150 is transmitted to the key reader 53 of the access system 51 for determining whether the user 200 in question should be granted access to the resource. This means that decisions regarding said access are normally not taken within the interface 30.
Preferably, the method may comprise the following steps:
- detecting the presence of the user 200;
- determining if pre-set proximity requirements are fulfilled; and, if this is the case;
- establishing a connection between said mobile device 20 and said interface 30; and
- transmitting said key 150 to said interface 30.
According to an embodiment, the interface 30 is configured for detecting the presence of the mobile device 20 of the user 200. According to a further embodiment, the mobile device 20 can also be configured for detecting the presence of the interface 30.
The electronic key 150 can be transmitted to the interface 30 either after the proximity requirements have been detected, or can alternatively be transmitted to the interface 30 before the proximity requirements have been actuated.
Furthermore, when the user 200 has been detected in proximity to the interface 30, the electronic key 150 is transmitted from the interface 30 to the key reader 53 in the access system 51 in order to grant access to the resource if the user 200 is authorized for such access. The above-mentioned interface 30 is configured to operate as a bridge for communication between the mobile device 20 and the interface 30, and also for communication between the interface 30 and the access system 51. In this manner, the interface 30 bridges the connection for the user 200, via the mobile device 20 and the interface 30, to the access system 51 and the access activation system 52 so as to obtain access to the resource in question. In particular, and according to an embodiment, the interface 30 is configured for detecting whether the user 200 is physically close to the interface 30 and is configured for transmitting the electronic key 150 to the key reader 53 if the pre-set proximity requirements are met by the user 200.
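The division of roles described above, as an added example that is not part of the patent text: a Python model in which the interface (30) only stages the key and forwards it once the proximity requirement is met, while the grant decision stays in the access system (51). Class and method names, the hex key format, the distance threshold, the forward-once behaviour and the revoke call are assumptions made for illustration; the wireless links and the shared-key pairing are not modelled.

```python
"""Model of the key flow: server -> (rights DB, phone) -> interface -> reader.
All names and sample data are constructed for illustration (assumptions)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class AccessSystem:
    """Access system (51): access rights database (55) and key reader (53)."""
    rights_db: dict = field(default_factory=dict)   # key -> set of resources
    audit: list = field(default_factory=list)       # (resource, granted) per read

    def api_add_key(self, key, resources):
        """API (50): the remote server registers a generated key."""
        self.rights_db[key] = set(resources)

    def api_revoke_key(self, key):
        """Hypothetical revocation call; not described in the source text."""
        self.rights_db.pop(key, None)

    def reader_present(self, key, resource):
        """Key reader (53) input. The grant decision is taken here only."""
        granted = resource in self.rights_db.get(key, set())
        self.audit.append((resource, granted))
        return granted


class RemoteServer:
    """Remote server assembly (40): pairs the logged-in user, generates a key."""

    def __init__(self, access_system, existing_users):
        self.access_system = access_system
        self.existing_users = existing_users   # user -> resources, as held in (55)

    def enroll(self, login_identity):
        # The login identity must match an existing user of the access system.
        if login_identity not in self.existing_users:
            raise PermissionError("no matching user in access rights database")
        key = secrets.token_hex(16)            # constructed key format
        self.access_system.api_add_key(key, self.existing_users[login_identity])
        return key                             # delivered to the mobile device (20)


class Interface:
    """Interface (30): a bridge gated on proximity; it never decides access."""

    def __init__(self, access_system, resource, max_distance_m):
        self.access_system = access_system
        self.resource = resource
        self.max_distance_m = max_distance_m   # pre-set proximity requirement
        self._staged = None

    def receive_key(self, key):
        """The key may arrive before proximity is fulfilled; it is only staged."""
        self._staged = key

    def on_sensor(self, user_detected, distance_m):
        """Return None if nothing was forwarded, else the reader's decision."""
        if self._staged is None or not user_detected:
            return None
        if distance_m > self.max_distance_m:
            return None
        key, self._staged = self._staged, None   # forward once, then forget
        return self.access_system.reader_present(key, self.resource)


def run_demo():
    access = AccessSystem()
    server = RemoteServer(access, {"alice": ["door-1"]})   # constructed user
    door1 = Interface(access, "door-1", max_distance_m=1.5)
    door2 = Interface(access, "door-2", max_distance_m=1.5)
    key = server.enroll("alice")
    results = {}
    door1.receive_key(key)
    results["far"] = door1.on_sensor(True, 4.0)          # staged, not forwarded
    results["near"] = door1.on_sensor(True, 0.8)         # forwarded and granted
    results["second_trigger"] = door1.on_sensor(True, 0.8)  # nothing staged
    door2.receive_key(key)
    results["wrong_door"] = door2.on_sensor(True, 0.5)   # forwarded, denied by (51)
    access.api_revoke_key(key)
    door1.receive_key(key)
    results["revoked"] = door1.on_sensor(True, 0.8)      # forwarded, denied by (51)
    return results, access.audit


if __name__ == "__main__":
    print(run_demo())
```

The audit list records only reads that reached the key reader, so the out-of-range and nothing-staged triggers leave no entry there; an interface that keeps its own log of such triggers would have to send it to the remote server separately.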
An advantage of this bridging function of the interface 30 is that it can be added to an existing access rights system for virtually any type of resource, providing the functionality of electronic keys, to which access could be granted if pre-determined requirements are met. This contributes to a cost-effective solution for granting access to said resource.
A further advantage of the arrangement and method according to this disclosure is that it may be used alongside an existing resource access system, which for example may be based on physical key cards which are used for unlocking the resources via said key reader. This makes it possible to enable a possibility to use both electronic keys and physical keys at the same time and in the same resource access system.
Figure 2 illustrates a schematic view over an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also over an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10), all as in Figure 1. However, in Figure 2, it is further illustrated that the user (200) utilises a biometric identification in the mobile device (20), and that the user (200) then approaches the resource, key reader (53) and the interface (30). Here it is illustrated that the mobile device (20) and the interface (30) are comprised in the arrangement (10) for managing, and communicating, an electronic key (150). The remote server assembly (40), also comprised in the arrangement (10), is not shown in Figure 2.
Furthermore, and according to an embodiment, the interface 30 is suitably configured so as to be integrated within an existing resource access system 51. More precisely, the interface 30 can be positioned within the key reader 53 and be connected to the same voltage supply as the key reader 53. Being arranged in such manner, the interface 30 can be configured by a technician as regards for example detection of the presence of users 200 and similar parameters. The interface 30 can also be connected to other systems within this concept so as to provide the functionality described above.
Figure 3 is a schematic sequence diagram illustrating an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10), all as in Figures 1 and 2. Figure 3 thus illustrates an exemplified embodiment of the sequence for regulating access to a resource in connection to the arrangement (10), and to the system (100), both in accordance with the present invention.
Further in Figure 3, the sequence between the user (200), "the mobile device (20)/ the software application (21)" (Mobile device/app (20, 21)), the remote server assembly (Remote server) (40), the interface (30) and the access system (External access system) (51), is shown. Here it is further shown that the access system (External access system) (51) comprises a key reader (Reader) (53) and a "Central unit".
Figure 4 teaches a schematic sequence diagram illustrating an embodiment of the arrangement and method for managing, and communicating, an electronic key 150, as described herein. In particular, Figure 4 teaches an enrollment process in which a user 200 may provide user information in a login process, after which user information is transmitted to the remote server 40, in which an electronic key 150 is generated. Furthermore, the electronic key 150 can be transmitted to the access system 51 (in an external system) and also to the mobile device 20.

Claims

1. An arrangement (10) for managing, and communicating, an electronic key (150), wherein the electronic key (150) concerns access rights to a resource and for its access system (51), wherein the arrangement (10) comprises:
a mobile device (20), wherein the mobile device (20) comprises a software application (21), e.g. an app, wherein the software application (21) is provided with a secure login (22) and a capability to communicate electronic keys, and means for wireless communication (23);
an interface (30), wherein the interface (30) comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52); and
a remote server assembly (40), wherein the remote server assembly (40) comprises means for communication and is, via an application programming interface (API) (50), able to communicate with an access rights database (55) of the access activation system (52);
and wherein the arrangement (10) further comprises that: the mobile device (20) is able to communicate with the remote server assembly (40) through a secure login, and the mobile device (20) is, via the software application (21), able to communicate an electronic key (150), generated in the remote server assembly (40), to the interface (30), the remote server assembly (40) is, via said API (50), then able to communicate said electronic key to said access rights database (55), and a generated electronic key (150) is communicable, via said API (50) and via said remote server assembly (40), to said mobile device (20), thereby enabling said mobile device (20), via the software application (21), to communicate the generated electronic key (150), and enabling said interface (30) to be prepared to communicate the generated electronic key (150) to said key reader (53) of said access activation system (52);
and characterised in that the interface (30) comprises means for installation, and in that, when the interface (30) is installed within a distance from the key reader (53) that enables communication of the generated electronic key (150) from the mobile device (20), via the interface (30), to the key reader (53), and when the user (200), and the fulfilment of the pre-set proximity requirements, are detected, the access activation system (52) is enabled to grant access (160) to the resource to the user (200) if authorized.
2. The arrangement (10) according to claim 1, wherein the access system (51) is an access system (51) being external to the arrangement (10).
3. The arrangement (10) according to anyone of claim 1 or 2, wherein the resource is an asset.
4. The arrangement (10) according to anyone of claims 1 to 3, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled (31), comprises detection systems, and/or sensors, for example, comprising motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.
5. The arrangement (10) according to anyone of claims 1 to 4, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled (31), comprises radar devices.
6. The arrangement (10) according to anyone of claims 1 to 5, wherein the interface (30) is compatible with most access activation systems, especially all access activation systems (52) comprising MIFARE formats or Prox EM formats.
7. The arrangement (10) according to anyone of claims 1 to 6, wherein the means for communication (34) with the key reader (53) comprises e.g. Bluetooth, for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, e.g. Radio-frequency identification (RFID), for example, near field communication (NFC), for example, Low-Power Wide-Area Networks (LPWAN) technologies, cellular technologies, Long Range (LoRa) technologies, Sigfox technologies, Long Term Evolution (LTE or LTE-M) technologies, Narrow-Band IoT (NB-IoT) technologies and/or, for example, short-range technologies, e.g. Wi-Fi technologies or, for example, ZigBee technologies.
8. The arrangement (10) according to anyone of claims 1 to 7, wherein the interface (30) is placeable in a secure, and protected, way, for example, inside a casing near the key reader (53) and/or, for example, inside the key reader (53).
9. The arrangement (10) according to anyone of claims 1 to 8, wherein, when communication of the generated electronic key (150) from the mobile device (20), via the interface (30), to the key reader (53), is not enabled, the software application (21) is adapted to function with, in the mobile device (20) built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device (20) is thereby, via the software application (21), enabled to communicate the generated electronic key (150) to the key reader (53), when the user is detected, and the access activation system (52) is then enabled to grant access (160) to the resource to the user (200) if authorized.
10. A system (100) for regulating access to a resource comprising an access system (51), being able to give access to the resource, wherein the access system (51) comprises an access activation system (52), a key reader (53), an access rights database (55) and, at least, one API (50), and wherein the system (100) for regulating access to the resource further comprises the arrangement (10) for managing, and communicating, an electronic key (150), according to anyone of claims 1 to 9.
11. An interface (30), for enabling communication of an electronic key (150) from a mobile device (20) to a key reader (53) of an access activation system (52), wherein the interface (30) comprises means for installation, means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33) with the mobile device (20), and means for communication (34) with the key reader (53), and characterised in that the interface (30) is installable within a distance from the key reader (53) that enables communication of the electronic key from the mobile device (20) to the key reader (53), when a user (200), and fulfilment of pre-set proximity requirements, are detected.
12. A method for managing and communicating an electronic key (150), wherein the electronic key (150) is associated with access rights, for a user (200), to a resource and its access system (51), said method comprising the following steps:
- allowing a log in for said user (200), via a login process, to a mobile device (20);
- providing a credential for said user (200), thereby connecting said credential to said user (200), and generating an electronic key (150) for said user (200), in a server assembly (40);
- transmitting said electronic key (150) to said mobile device (20) and to said access system (51);
- further transmitting said electronic key (150) to an interface (30) being configured for detecting said user (200) and for communicating with said mobile device (20);
- forwarding said electronic key (150) to a key reader (53) forming part of said access system (51); and
- granting access to said resource after determining, in said access system (51), that pre-set requirements are fulfilled by said user (200).
13. Method according to claim 12, further comprising the following steps:
- detecting the presence of the user 200;
- determining if pre-set proximity requirements are fulfilled; and, if this is the case;
- establishing a connection between said mobile device (20) and said interface (30); and
- transmitting said key (150) to said interface 30.
PCT/SE2022/050241 2021-03-10 2022-03-10 Arrangement for managing, and communicating, an electronic key, and a system comprising the arrangement WO2022191765A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE2150275A SE2150275A1 (en) 2021-03-10 2021-03-10 Arrangement for managing, and communicating, an electronic key, and a system comprising the arrangement
SE2150275-2 2021-03-10

Publications (1)

Publication Number Publication Date
WO2022191765A1 (en) 2022-09-15

Family

ID=83228187

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2022/050241 WO2022191765A1 (en) 2021-03-10 2022-03-10 Arrangement for managing, and communicating, an electronic key, and a system comprising the arrangement

Country Status (2)

Country Link
SE (1) SE2150275A1 (en)
WO (1) WO2022191765A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2620919A1 (en) * 2012-01-26 2013-07-31 SimonsVoss Technologies AG Locking system
US8943187B1 (en) * 2012-08-30 2015-01-27 Microstrategy Incorporated Managing electronic keys
US20160086400A1 (en) * 2011-03-17 2016-03-24 Unikey Technologies Inc. Wireless access control system including distance based lock assembly and remote access device enrollment and related methods

Also Published As

Publication number Publication date
SE2150275A1 (en) 2022-09-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22767604

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22767604

Country of ref document: EP

Kind code of ref document: A1