AT523512A2 - Access control procedure and access control system - Google Patents

Abstract

Computer-implemented method for operating an access control system, first data (1) being read out in a first reading step using a first reading device (4) and / or being entered by a person using a first input unit, which first data (1) between an active first network connection the first reading device (4), a first data memory (7), a first computer (6) and a control unit (10) are compared with the first access data (8) stored in the first data memory (7) by means of the first computer (6) and the control unit (10) for controlling the access control system as a function of a first result of the comparison of the first data (1) and the first access data (8) and first authorization data (9) derived from the first result of the person releases or prevents access, with a Inactivity of the first network connection is determined and only in the case of an inactive first n network connection, second data (2) are read out in a second reading step by means of a second reading device (5) and / or are entered by the person using a second input unit, which second data (2) are transmitted via a second network connection from the second reading device (5) can be forwarded to the control unit (10) to release an access, the control unit (10) releasing or preventing access depending on the suitability of the second data (2) and a second authorization of the person derived from the suitability.

Description

description

The invention disclosed here relates to a computer-implemented method for operating an access control system. The method disclosed below relates in particular to a method for access control in a

Building.

According to the state of the art, so-called “online” access control systems, which access control systems are integrated in a network, and “offline” access control systems are known. The required data is stored in a network and can be supplemented by further data, which further data a person requesting access is in

the network loads or lets load.

In an “offline” access control system, which is also known from the prior art, the data are stored exclusively on a data carrier, which data carrier is carried by a person seeking access. The data required for access control are fed to a reader by the person and read out. These data are suitable for causing a control unit to release access. The person skilled in the art can also use the data stored on the data carrier as command data for releasing selected ones

View access through the control unit.

An “offline” access control system works similarly to a key, which key is inserted into a keyhole and is suitable for transferring the locking mechanism of the lock from a locked state to an unlocked state. The key is assigned the necessary mechanical properties, with the mechanical properties of the key being equivalent to the properties of the key

data stored on the data carrier can be viewed.

An "online" access control system requires an active network connection so that data communication between the

individual, mostly spatially separated units of the network

page 1

is possible, whereby external data can be added via a portable data carrier. An “offline” access control system is essentially based on a

Data communication within a unit is limited.

An “online” method according to the prior art is essentially characterized in that first data, which first data are assigned to a person and are applied or stored on a data carrier, are read out by means of a first reading device in a first reading step and / or by means of a first input unit can be entered by the person, which first data are compared with an active first network connection between the first reader, a first data memory, a first computer and a control unit with the first access data stored in the first data memory by means of a computer program installed on the first computer and

the control unit for controlling the access control system as a function of a first result of the comparison of the first data and the first access data and a first authorization of the person derived from the first result enables or prevents access and / or records personal data of the person requesting access,

wherein the first data memory and the first computer are spatially separate units from the first reading device and the control unit,

wherein the first data memory and the first computer with further first reading devices and further first

Control devices are connected via another network.

An “online” access control system can thus be characterized in that the first data are stored on the portable data carrier to be carried by the person and access data are stored on a server as the first data memory. It will be like that

by processing and merging the first

3/36. Page 2

Data and the first access data a higher level of security

created.

The “online” access control system also has the advantage that it can be easily adapted by changing the access data stored on a possibly central server. By comparing the first data and the first access data, the processes that take place in an optionally centrally arranged computer are easy

controllable.

The first access data can include, for example, attributes at which times and / or under which conditions if first data is present in the first network, access is granted. According to the prior art, the first data and the first access data are combined and compared by means of a computer program. The comparison of the first data with the first access data can take place via a matrix system according to the prior art. It can be checked, for example, whether a person to a

access is to be granted at a certain point in time.

The disadvantage of an “online” access control system is certainly primarily the risk of failure of the network connecting the components. If the first network is inactive, it is not possible to control the access sought by the person. The risk of failure of the first network can be particularly high in the case of an extraordinary

Situation.

When using an access control system and a method for this in a building, a fire can be such an extraordinary situation in which extraordinary situation the networks and thus presumably also the first network fail. There is also a registration of the incoming and outgoing in an exceptional situation such as a fire in a building

Important to people. Rescue workers can get the information

Page 3

get how many and which people are in one

Danger area.

CN108898725A discloses a method in which method the online or offline status of the access control system or the network is queried or recognized. Passwords must be entered depending on the status of the access system. The access control system disclosed in CN108898725A is based on two separate methods, namely an online access control and an offline access control. This includes that when the "online" procedure is carried out, the corresponding hardware must be available in the network. At the same time, the necessary hardware must also be available to carry out the offline process, which hardware cannot be integrated in the network. The implicitly disclosed need for two hardware systems makes that disclosed in CN108898725A

Access control system very expensive.

DE102014111503 discloses an access control for a container which allows online operation in communication with a computer system remote from the container and offline operation, the comparison of the access data always being carried out by devices arranged in the container. The method disclosed in DE102014111503 cannot be integrated into a common access control system for buildings because a comparison of first data with first access data, which is normally carried out in a peripheral device, is not compatible with current security regulations. Since DE102014111503 does not concern the implementation of an access control to buildings, this method differs from the comparison in the generation of the authorization key and the checking of this

the first data and the first access data.

There is no indication in DE102014111503 that the first data used in online mode and the second data used in online mode are different. The second data can also not be command data, since according to

DE102014111503 [0019] in the offline mode of

page 4

Authorization key as second data with in a memory

stored data is compared.

The method disclosed in DE112016004525 differs fundamentally from the method according to the invention below in that data processed in online mode are not personal data. DE112016004525 does not disclose that the first data and the second data are different, which second data are processed exclusively in an inactive first network. DE112016004525 [12] mentions the same term for the access data for the online mode and for the offline mode. The data processed in the offline mode cannot be command data; DE112016004525 [12] explicitly mentions access data.

US20100276487 likewise does not provide any indication of a different design of the first data and the second data, which second data is only in the case of an inactive one

first network to be processed.

The invention disclosed here has the basic task of expanding an existing access control system according to the preamble of claim 1. Such an access system is always based on the fact that in a normal state, for safety reasons, the data is stored in a central computing system, which computing system is remote and thus from the access control device comprising a reading device

spatially separated.

The invention disclosed here has the task of providing an access control system in which the required hardware is reduced to a minimum and in which the access control system has the advantages of an offline access control system with the advantages

one online access control system. According to the invention, this is achieved by claim 1.

The method according to the invention is characterized in that

an inactivity of the first network connection is determined

6/36. page 5

and

In the case of an inactive first network connection, second data, which second data includes commands for controlling the access system and is stored on a data carrier, is read out in a second reading step using a second reading device and / or entered by the person using a second input unit,

which second data are forwarded via a second data connection from the second reader to the control unit to enable access,

wherein the second reader (5) and the control unit (10) in

arranged in a device

are,

wherein the control unit, depending on a suitability of the second data and a second authorization derived from the suitability of the person, releases an access and / or the

records personal data of the person.

It is therefore the first data, which first data comprise personal data, and the second data, which second data, commands for controlling the access control system

include, fundamentally different.

The commands included in the second data are not suitable for comparison in a matrix. Only in the case of an inactive first network connection can the second data comprising a command for controlling the access control system cause the access device to be opened. Only in the case of an active first network connection, however, is the command to control the access control system from the first computer to the

Access control system issued.

The “online” method and “offline” method on which the method according to the invention is based differ in terms of where the commands for actuating the

Access control system generated or read out

page 6

will. This ensures that these commands are passed on in different ways between the units

will.

The method according to the invention can be aimed at ensuring that the state of the active first network connection is a normal state. The state of the inactive first network connection can be an exceptional state, in which state nevertheless a high degree of security

is guaranteed.

When the first network connection is active, data can be transmitted in the first network. The first data stored on a portable data carrier can be read out by a first reading device and transmitted to a first computer via the first network connection. The first computer also loads the first access data from a first server via the first network connection. The computer compares the first data and the first access data with one another. A first authorization for an access is derived from the comparison of the first data with the first access data and, depending on the first authorization, the

Control device initiated to release access.

If the first network connection is inactive, the first data cannot be transmitted within the first network. The control unit therefore does not receive a first authorization, depending on which first authorization access is denied or permitted. In the case of an inactive first network connection, the person requesting access is granted access regardless of the person's actual authorization because of the lack of the property of the first network to provide data between the first reading device and the computer

transferred, fails.

An extraordinary situation and inactivity can already be caused by the everyday situation that

the server as the first disk, the computer or a

Page 7

Another device is shut down and restarted. It is unacceptable to the inventor that due to such

Situation a person is denied entry.

The access control system can include routines according to which routines an activity or an inactivity of the first network connection or, as it were, of the first network can be recognized. According to the current teaching, impulses and corresponding impulse responses can be sent permanently via the first network, with the first network or, as it were, the first network connection being classified as inactive if there is no impulse response. Such a method can, however, tie up computing power and requires hardware with a corresponding performance. The person skilled in the art knows other methods

for checking a network.

The method can include the step of recognizing the inactivity of the first network, that the time span between the first reading time, at which first reading time the first data is read out by means of the first reading device, and, if applicable, the receipt of the first authorization in the control unit is determined. If the control device does not receive a first authorization after a defined period of time, the first network becomes and, as it were

the first network connection is classified as inactive.

The first network connection comprises the devices of the first network and a line connecting these devices for the transmission of data. The first network is inactive if a device of these devices and / or these

Line connecting devices is interrupted.

In the case of an inactive first network connection, the second data are read from the data carrier and fed to the control unit via an internal data connection, which control unit derives a second authorization from the suitability of the second data, according to which second authorization the

Access is denied or released. That

page 8

The method according to the invention thus offers a solution to the above-described problem of preventing access on the basis of

an inactive first network connection.

The exclusive reading out of the second data described here in the event of the inactivity of the first network can be equivalent to reading out first data. The second data can be read out independently of the inactivity of the first network connection. If the first network is inactive, the first data cannot be processed, which in turn results in the second data being processed exclusively

Data leads.

Reading out the first data and the second data in a functioning network leads to unnecessary utilization of computer resources. In the normal case, the decision on authorization to access is made by the exclusive

Comparison of initial data considered to be of sufficient integrity.

Reading out the second data for device-internal prompting of the control unit thus represents the solution according to the invention for dealing with the inactive first network or the inactive first network connection, whereby the hardware required for processing the second data can be reduced to a minimum. There is thus the possibility of keeping the system requirements for the hardware low in the event of an extraordinary event, which extraordinary event occurs only rarely, taking into account the rarity of the extraordinary event. The invention disclosed here can be characterized in that the costs for an access control due to the above-described reduction in hardware when maintaining an access control in one

exceptional situation can be reduced.

In the method according to the invention, no second data are compared with second access data when the first network connection is inactive. The ones saved on the data carrier

second data can be commands to initiate the

10/36. Page 9

Arrange for the control unit to grant access. This allows the hardware to be reduced to a minimum or the

Use of low-performance hardware.

In addition to or as an alternative to reading out the second data by means of a second reading device, the method according to the invention can include the second data being transmitted via a second

Input unit can be entered by the person.

The inputted second data can include commands, which commands cause the control unit to allow the person access. The second data entered can include a code, the query of the code representing a further check of the authorization for access. the

second data do not include personal data.

The second data can be reduced to the presence of the

Display the data carrier in the second reader.

Based on the current teaching, the first data includes personal data. The first data can be suitable for comparing the first data with the first access data to identify the person or a group belonging to the

Person is detectable.

The first data thus differ from the second data. In the event that the first data are based on an input of a first code and the second data are based on an input of a second code, the first code and the second code are different in terms of the difference between the first data and the second data. The code available as the first data is compared with the access data, while the second code is a command to operate the

Represents access control unit.

A difference in data can generally be achieved in that the data in question have a different format and / or different content

exhibit.

Page 10

The first data and the second data can be stored on a data carrier and can be different through the content

differentiate.

The granting of access can include an unlockable locking device such as a door, a turnstile or another locking device, by means of which locking device the entry of a person can be prevented. In addition or as an alternative to this, the method according to the invention can include that, in the case of an inactive first network connection, by reading out and / or entering the second data, personal data about the person requesting access are created. The personal data about the person requesting access can be personal data about the persons, which persons have access or no access

is granted include.

The method according to the invention is characterized in that only when inactivity of the first network is detected, instead of the first data stored on a data carrier, which first data do not have an access-critical property, second data are read out by means of a second reader, which second data have an access-critical property . The second data and the second reading step can preferably be a higher one

Exhibit integrity.

The method according to the invention can include the release of access by an output release signal and / or by opening a locking mechanism

as well as the prohibition of access by an output prohibition signal and / or by blocking the

Closing mechanism takes place.

The method according to the invention can be characterized in that the first data and / or the second data are read out by means of a first reading device or a second reading device

of the following group can be read out:

Page 11

Image sensor, NFC sensor, RFID sensor, BLE sensor, biometric

Sensor or other data reading device.

The person skilled in the art is able to select a suitable sensor for reading out the first data and / or the second data. The person skilled in the art can also use sensors other than those here

Use the sensors listed as examples.

The person skilled in the art uses, for example, an image sensor for reading out a code according to the prior art applied to a medium such as a paper card or a plastic card as a data carrier. The code can be, for example, a bar code, OR code or other suitable code according to the prior art. The first data can be image data of a code or image of the person applied to the data carrier

which image data can be read out by means of the image sensor.

The person skilled in the art can provide an NFC sensor, an RFID sensor or a data reading device in order to read out the first data and / or second data stored in a memory as a data carrier. The first data can include a code stored on a first storage medium, which storage medium can be read out by means of an NFC sensor, RFID sensor, BLESensor or some other data reading device according to the prior art. The code stored on the first storage medium can be linked to the person requesting access. The first data can be biometric data of the person. The biometric data can include a fingerprint, fingerprint, palm image, palm vein image, iris image, etc. The person skilled in the art can use a suitable biometric sensor according to the prior art for determining

Select the biometric data.

The method according to the invention can include that the first reading step and the second reading step are carried out in a time sequence or in a causal dependency or run as such. The causal dependency can die

Previously detected inactivity of the first network.

page 12

However, the first reading step and the second reading step can be used

can be carried out as a reading process.

The first reading step and the second reading step are preferably carried out in such a way that it cannot be recognized by the person seeking access whether the first reading step or the second reading step is being carried out. The method according to the invention can include, for example, that when the data carrier is inserted into the reading device, the first data are read out and then the second data are read out. The reading out of the first data and the second data can be carried out in applications of reading methods and reading devices according to the prior art in a reading period of a few milliseconds, which is subjectively without for the person

Measuring instruments cannot be determined.

While the active first network connection allows the comparison of the first data and the first access data in order to maintain a high level of security, only the second data are read out with the inactive first network connection. While the first data and the first access data, thus two data records, are processed in the active first network connection, only the second data and so forth are processed in the inactive first network connection

only processed one record.

A person skilled in the art can obtain a low level of security from this

derive.

Furthermore, when carrying out the method according to the invention with an inactive first network, the person skilled in the art can have a lower adaptability of the authorizations and thus the released ones

Recognize access controls.

The method according to the invention can include that, during an active first network connection, further second data with a changed second suitability are written to a second data memory,

which second data memory has a second

Page 13

Network connection is connected to the second reader and the control unit, which further second data when recording the second data

over the second data are written.

Only those further second data are written to the second data memory which further second data have a changed suitability compared to the second data. When the second data is read out, the second data on the data carrier is overwritten by the further second data, which leads to a change in the second authorization. This embodiment of the method according to the invention implies

that the data carrier can be written to for this purpose.

This includes that at least one continuously updated log of the second data is stored in a data memory. The user can enter a desired change in the second data, further second data being created, which further second data is in the second data memory

can be saved.

The invention also relates to an access control system for carrying out a method according to the above description. The access control system can comprise the following elements: the first reading device for receiving first data,

the first data memory for storing the first access data,

the first computer to compare the first data and the second data,

the second reader for receiving the second data,

the control unit for controlling the access control system, the first computer and the first data memory being spatially separated from the first reading device and the control unit,

wherein the second reading device and the control unit are arranged in one device,

the data carrier comprising the first data and the second

Page 14

Data,

which first data and second data are different.

The person skilled in the art, with his specialist knowledge, can supplement the cited elements with further elements such as computing processors, etc., with a functionality of the invention

To guarantee access control system.

The first reading device, the first data memory, the first computer and the control unit are connected via a first network. The first reading device and the control unit in the first network can be designed as first external peripheral devices to the first computer. The first data memory can be integrated as an internal peripheral device in the first computer or as a server in the form of an external one

Peripheral device be formed.

The first units of the first network can be spatially separated and connected via a first network connection that overcomes this spatial separation. The first network connection can be a so-called online connection, the first network connection via the Internet or a

Can be created on the intranet.

The second reader and the control unit form an inseparable unit, which unit is created by the second network connection. The second reader and the control unit are via a second network connection

training cable connected.

The first reading device and the second reading device can each be designed as a reading device from the following group of reading devices:

Card reader, image sensor, microphone, NFC sensor, RFID sensor,

BLE sensor, biometric sensor.

The invention discussed here can provide that the first data and the second data are amended in a different manner

or are stored in the data carrier. The specialist has at the

Page 15

Storage of the first data and the second data

if necessary, the relevant standards must be taken into account.

The person skilled in the art, using the current teaching and his specialist knowledge, provides a suitable sensor from the group of sensors cited above by way of example in the first reading device and in the second reading device. The person skilled in the art selects the suitable sensor or the suitable sensors for reading out the first data and the second data, also taking into account the non-admission-critical property of the first data and the

access-critical property of the second data.

The first reading device and the second reading device can be made in one piece

be designed as a reader.

This embodiment may imply that the first data and the second data are processed in a similar manner in or on

Data carriers are stored.

The access control system according to the invention can be characterized in that the access control system comprises the second data memory and

the second reading device is also designed as a writing device.

The invention is illustrated by the following in the figures

illustrated embodiments additionally explained:

Figure 1 shows a prior art known

Procedure,

FIG. 2 shows one known from the prior art

Procedure,

Figure 3 illustrates a possible embodiment of the

method according to the invention,

Figure 4 shows a further possible embodiment of the

method according to the invention,

Figure 5 shows a further possible embodiment of the

method according to the invention,

17736 page 16

Figure 6 shows a further possible embodiment of the

method according to the invention,

The embodiments shown in the figures only show possible embodiments, whereby it should be noted at this point that the invention is not restricted to these specially illustrated embodiment variants, but also combinations of the individual embodiment variants with one another and a combination of an embodiment with the general description cited above is possible is. These further possible combinations do not have to be mentioned explicitly, since these further possible combinations are capable of being based on the teaching on technical action through the present invention

of the skilled person working in this technical field.

The scope of protection is determined by the claims. However, the description and the drawings are to be used to interpret the claims. Individual features or combinations of features from the different embodiments shown and described can represent inventive solutions in their own right. The task on which the independent inventive solutions are based

can be found in the description.

In the figures, the following elements are indicated by the

prefixed reference signs:

1 first data, person number 2 second data, person number 3 data carriers

4 first reader

5 second reader

6 first computer

7 first data memory

8 first access data

9 first authorization data

10 control unit

11 first network

Page 17

12 second network 13 second data memory 14 further second data

15 first storage location for first data, OR code

16 second storage location for second data, data medium 17 second input device

20 first unit

21 second unit

FIG. 1 and FIG. 2 sketch applications of methods known in the prior art for providing a

Access.

In the method shown in FIG. 1, access is granted via an “online” access control system. The person seeking access inserts the card into the first reading device 4. The first data 1 stored by means of the OR code 15 are read out and transmitted to the first computer 6 via a first network 11. Via a computer program installed on the first computer 6, the first access data 8 are loaded from a server as the first data memory 7 and first authorization data 9 for granting the first access are written. The first authorization data 9 are sent to the control unit for granting the first access

transmitted.

The method shown in FIG. 1 is based on an active one

first network 11.

FIG. 2 shows how the second data 2 are read out by means of the second reading device 5 and fed to a control unit 10. The second data 2 are command data and, in this form, second authorization data, on the basis of the command data or the second authorization data, the control unit grants or grants the second access

prevents.

Page 18

The second access is granted via an "offline" access control system. The request for the second

Access is only possible if access has been granted.

FIG. 3 illustrates an embodiment of the method according to the invention, which method according to the invention

is executable as a computer-implemented method.

A card is assigned to a person (not shown in FIG. 1). The card can, for example, be issued to the person as an access card for a building. First data 1 and second data 2 are stored on the card as data carrier 3. The first data 1 can include personal attributes such as name and function of the person. The second data 2 include authorization attributes as command data

access.

The card can for example comprise a printed OR code 15 as a first storage location for storing the first data 1 and a data medium 16 such as a memory chip according to the prior art, on which second data medium 16 the second data 2 are stored. The person skilled in the art can also provide other suitable forms such as OR code 15 and data medium 16 for depositing or storing the data 1, 2, as these are also exemplified in the above description. The embodiment sketched in FIG. 3 (and also in FIG. 4) is not limited to the provision of an OR code 15 and

of a storage medium.

The person feeds the card as a data carrier 3 to the reader 4, 5. In the embodiment of the method according to the invention shown in FIG. 3, the first reading device 4 and the second reading device 5 are designed in one piece as a reading device 4, 5. The reading device 4, 5 can read the first data 1 by means of an image sensor and the second data 2 by means of a

Read out data reader.

The first data 1 read out is a first

Network 11 transmitted to the first computer 6. It will

Page 19

furthermore, first access data 8 is loaded from a server as the first data memory. The first data memory 7, the reading device 4, 5 and a control unit 10 described below are designed as first external peripheral devices for the first computer 6. The first computer 6 and the first external peripheral devices are spatially separate first units 20 and / or devices which spatially separate units 20 are connected via a line suitable for the transmission of data. The first computer 6 and the first external peripheral devices are via the first network 11 with first network connections for the transmission of data, in particular the data mentioned here

tied together.

Furthermore, a protocol stored in the first data memory 7 can be created. The log can include, for example, the point in time at which the first data 1 was read out

which is equivalent to a request for access.

The first data 1 are compared with the first access data 8. This processing of the first data takes place in the first computer 6, which computer 6 is remote from the first reading device 4. This comparison and the creation of first authorization data 9 describing the authorization of the person for access is created by means of the first computer 6 using computer programs according to the prior art. The authorization data 9 are transmitted to the control unit 10, by means of which control unit 10 a mechanical means and / or a display means for releasing access or for preventing access is controlled. The latter can be, for example, a door lock, a turnstile to be released or a traffic light. The first authorization data 9 are thus the

access-related data.

The first network 11 can be formed via the Internet or the intranet. The first network 11 can be established via wired network connections or radio network connections

be.

21736 page 20

Such a network as the first network 11 can be subject to a disturbance. A disruption in the first network can be caused by the interruption of a first network connection and / or by failure of the first computer 6 and one of the first external peripheral devices 4, 7, 10

be.

The disruption of a network can be determined using methods according to the state of the art. In addition to or as an alternative to this method according to the prior art, the method according to the invention can also include sending the first authorization data 9 to the control unit 10 by means of the first reading device 4, starting with the reading time of the reading out of the first data 1 within a defined period of time

must be transmitted.

The invention disclosed here has the task of providing the person authorized to access despite the failure of the first network

11 to grant access.

The method according to the invention can provide that, if necessary, after an inactivity of the first network 11 has been determined and only if the first network 11 is inactive, the second data 2 are read out from the card as a data carrier 3. The second data 2 are not processed by a computer, which computer is arranged remotely from the second reading device 4. The method can include routines for this purpose, by means of which routines an inactivity of the first network 11 with a

defined probability is determined.

The second data 2 can be assigned to the person in the form

be sure that the person carries the data carrier with them.

The second reading device 5 and the control unit 10 form a second unit 21; the second reading device 5 and the control unit 10 are only separated by the small distances that are usual within a device. Preferably are

the second reading device 5 and the control unit 10 in one

22736 page 21

Housing arranged and via a device-internal second

Data line connected.

The second data 2 are forwarded to the control unit 10 via a second network. The second network 12 can be formed by an electrical circuit which, in contrast to the first network 11, cannot be viewed as being susceptible to failure. The second network 12 can be designed in the form of an electrical circuit. The reading device 4, 5 and the control unit 10 can be designed as a unit, which unit is the second network

12 as an electrical or electronic component.

The second data 2 comprise commands for the release of an access. The second data 2 do not include any personal data. Since the person carries the second data 2 stored on the data carrier 3 with him via the data carrier 3, the second data 2 are assigned to the person. The second data 2 do not include any other reference such as name or group membership to the person. Depending on the suitability of the second data 2, in particular the command stored as second data 2 for causing the control unit 10 to release access, the person can be granted or prevented such access. The second data 2 are therefore the access-critical data, which data of a person about the

Ownership of the card is assigned by the person.

While the first data 1 are compared with the first access data 8 and, as a function of this comparison, first authorization data 9 are created, which authorization data 9 are transmitted to the control unit 10, the second data 2, which also act as second authorization data, are processed directly and without a comparison with further data such as first access data to the control unit 10. From this, the person skilled in the art can derive a lack of security from the simple transmission of the second data 2 in the case of an inactive first network 11. This lack of

Security does not arise insofar as the examination of the

Page 22

Authorization of access by means of the second data only takes place in the case of an inactive first network and thus in an exceptional situation such as a fire

is limited.

The first data 1 are not entry-critical data. In the case of an active first network 11, the first authorization data 9 represent the access-critical data, the first authorization data 9 being created as described above. In contrast to the first data 1, the second data 2 are data that are decisive for access in the case of a non-active first network 11. The property that the second data 2 are access-critical data only in the case of a non-active first network, allows the reduction of the hardware for reading out the first data and for

Achievement of an access decision.

The person skilled in the art also recognizes that the second data 2, which second data 2 act as second authorization data, cannot be changed in the embodiment shown in FIG . FIG. 4 shows a further embodiment of the method according to the invention. The embodiment of the method according to the invention shown in FIG. 4 comprises those cited in the description of the figures for FIG

Features, which features are supplemented by the following.

The second reading device 5 can comprise a second data memory 13. The second data memory 13 can be integrated into the unit comprising at least a second reading device 5 and a control unit 10 and thus part of the second

Network 12.

According to the prior art, changes to the access authorizations are entered into a database via a computer. In the embodiment discussed here, be the

For simplicity, assume that the computer is used to input the

24/36 page 23

Let the access authorizations be the first computer 6, the database comprising the access authorizations being formed by the first access data 8 stored in the first data memory 7. The person skilled in the art can also do more here

Arrange units.

The first data memory 13 is connected to the first computer 6 via a network. FIG. 4 shows the special case in which the second data memory 13 is connected via the first network 11 to the first computer 6 and to the server as the first data memory 7. When an access authorization is changed, first access data 8 changed by means of the first computer 6 are stored in the server as the first data memory 7. The method according to the invention can include that, when the first network 11 is active, only the changed first access data 8 are written to the second data memory 13 as further second data 14. This includes that the changed first access data 8 to

further second data 14 are converted.

As soon as the card is placed as a data carrier 3 in the reader 4, 5 for reading out the first data 1 and the second data 2, a check can be made as to whether there are further second data 14 in the second data memory 13 in addition to the second data 2 stored on the data carrier 3 are present. If necessary, the further second data 14 are written to the data carrier 3 with a change to the second data 2, so that the changed second data 2 is sent to the control unit 10 for checking the access

to get redirected.

The embodiment of the method according to the invention outlined in FIG. 4 is thus characterized - in addition to the method outlined in FIG. 1 - by maintaining adaptability

failure of the first network.

By exclusively writing the further second data 14 to the second data memory 13, the second

Data storage 13 and the associated electronic

Page 24

Components are dimensioned to a minimum. The dimensioning of the second data memory is essentially the consideration of a statistical question, namely how long further second data 14 are to be stored in the second data memory 13 until the further second data 14 is overwritten on the data carrier 3 by overwriting the second data 2

can be written.

The second data memory 13 can also serve as a buffer memory for storing the second data 2 read out during an inactivity of the first network 11. When the first network 11 is restored, the second data 2 written to the second data memory 13 as a buffer memory can access requested accesses to complete the protocol

the server can be written as the first data memory 7.

A person skilled in the art recognizes that the above-described processes in the first computer 6 or the methods carried out by means of the first computer 6 require computer programs which computer programs are installed and executable on the first computer 6. The person skilled in the art is also able to add further electronic components such as CPU et cetera to the units shown in the figures in order to ensure the functionality of the method according to the invention. The specialist does

this with his general specialist knowledge.

FIG. 5 shows a further possible embodiment of the computer-implemented method according to the invention. First data 1, which first data 1 are assigned to a person and are stored on a data carrier in a first storage location 15, are read out by means of a first reading device 4 in a first reading step. In the embodiment of the method according to the invention shown in FIG. 5, the first storage location 15 is shown, for example, as an OR code, with the person skilled in the art also knowing others according to the prior art

Formations of a first storage location 15 can be provided.

Page 25

The first data 1 read out by means of the first reading device 4 is compared with an active first network connection between the first reading device, a first data memory, a first computer and a control unit with first access data 8 stored in a server serving as the first data memory 7. A person skilled in the art can do this comparison

using the first computer.

Depending on a first result of the comparison of the first data and the first access data and a first authorization of the person derived from the first result, the control unit 10 for controlling the access control system enables or denies access. In addition to or as an alternative to an access decision mentioned above, personal data of the

the person requesting access can be recorded.

The method illustrated in FIG. 5, like the embodiments of the method according to the invention discussed above, is based, as it were, on determining an inactivity of the first network connection 11. The inactivity of the first network connection 1 can be determined by methods according to the prior art. Probably the simplest form of ascertaining inactivity of the first network connection 11 is certainly the above-described general ascertainment of the absence of an access decision within a defined period of time

reading out the first data 1.

The embodiment of the method according to the invention sketched in FIG. 5 provides that only when there is an inactive first network connection 11, second data 2 are entered by the person requesting access using a second input unit 5. The reader is thus designed in such a way that the reader has the first reader 4 and a

second input device 17 comprises.

27736 page 26

The second data 2 are forwarded via a second network connection from the second input device 17 to the control unit 10 to enable access, the control unit depending on the suitability of the second data 2 and a second authorization of the person derived from the suitability

enables or prevents access and / or

Records personal data.

The second data 2 entered by the person requesting access can be a code comprising numbers and letters, on the basis of which codes the control unit 10 is prompted to make an access decision. A person skilled in the art can configure the second input device 17 in such a way that the second

Input device for entering the second data 2 is suitable.

The method according to the invention can run in such a way that after the data carrier 3 has been entered into the first reading device 4 and the inactivity of the first network connection 11 has been established, the person requesting access can enter the second data

2 is prompted.

The embodiment of the method according to the invention identified in FIG. 6 corresponds to the embodiment discussed with reference to FIG. 1, the control unit 10

is also coupled to a monitoring unit.

In addition to or as an alternative to an access decision, the method according to the invention can also include the control of a monitoring unit such as an alarm system. In addition to the first authorization for access derived from a comparison of the first data 1 and the first access data 8, the first authorization can also control a monitoring unit such as activating or

Deactivating an alarm system include.

If inactivity of the first network connection 11 is determined, the second data 2 are read out by means of the second reading device 5. The second data 2 is in

Supplement or as an alternative to the initiation of a

Page 27

Access decision suitable for activating or deactivating the monitoring device

to cause.

Page 28

Claims (12)

Claims 1. Computer-implemented method for operating an access control system, first data (1), which first data (1) are assigned to a person and are applied or stored on a data carrier (3), read out by means of a first reading device (4) in a first reading step and / or entered by the person using a first input unit, which first data (1) in the case of an active first network connection between the first reading device (4), a first data memory (7), a first computer (6) and a control unit (10 ) are compared with the first access data (8) stored in the first data memory (7) by means of a first computer program installed on the first computer (6) and the control unit (10) for controlling the access control system as a function of a first result of the comparison of the first data ( 1) and the first access data (8) and first authorization data derived from the first result (9) gives the person access or prevents access and / or records personal data, the first data memory (7) and the first computer (6) being spatially separate units from the first reading device (4) and the control unit (10) , wherein the first data memory (7) and the first computer (6) are connected to further first reading devices and further first control devices via a further network, characterized in that inactivity of the first network connection is determined and second data is only determined in the case of an inactive first network connection (2), which include second data (2) commands for controlling an access control system and on the Data carrier (3) are stored by means of a second Page 29 Reading device (5) can be read out in a second reading step and / or entered by the person using a second input unit, which second data (2) are forwarded via a second data connection from the second reading device (5) to the control unit (10) to enable access, wherein the second reading device (5) and the control unit (10) are arranged in one device, wherein the control unit (10), depending on the suitability of the second data (2) and a second authorization of the person derived from the suitability, enables or prevents access and / or records personal data, wherein the first data (1) and the second data (2) are different. 2. The method according to claim 1, characterized in that the release of access by an issued release signal and / or by opening a locking mechanism and the prevention of access by an issued prohibition signal and / or by blocking the Closing mechanism takes place. 3. The method according to any one of claims 1 to 2, characterized in that the first data (1) and / or the second data (2) are read from the following group by means of a first reader (4) or a second reader (5) : Image sensor, microphone, NFC sensor, RFID sensor, BLE sensor, biometric sensor, data reader. 4. The method according to claim 3, characterized in that from a large number of biometric data such as finger image, palm image, palm vein image, hand geometry image, Iris image can be selected as the first data. 5. The method according to any one of claims 1 to 4, characterized marked that Page 30 the first reading step and the second reading step as one Reading procedures are carried out. 6. The method according to any one of claims 1 to 5, characterized in that further second data (14) with a changed second suitability are written to a second data memory (13), which second data memory (13) via a second network connection (12) the second reading device (5) and the control unit (10) is connected, which further second data (14) when recording the second Data (2) are written via the second data (2). 7. Access control system for performing a method according to one of claims 1 to 6 comprising the first reading device (4) for receiving first data (1), the first data memory (7) for storing the first access data (8), the first computer (6) for comparing the first data (1) and the first access data (8), the second reading device (5) for receiving the second data (2) and / or a second input unit for entering the second data (2), the control unit (10) for controlling the access control system, the first computer (6) and the first data memory (7) being spatially separated from the first reading device (4) and the control unit (10), the second reading device (5) and the control unit (10) in a device are arranged, the data carrier comprising the first data (1) and the second data (2), which first data (1) and second data (2) are different are. 8. Access control system according to claim 7, characterized marked that Page 31 the first reader (4) and the second reader (5) are each a reader from the following group of readers: card reader, image sensor, microphone, NFC sensor, RFID Sensor, biometric sensor, BLE sensor. 9. Access control system according to one of claims 7 to 8, characterized in that the first reading device (4) and the second reading device (5) are integrally formed. 10. Access control system according to one of claims 7 to 9, characterized in that the access control system comprises the second data memory (13) and the second reading device (5) also as a writing device is trained. 11. Access control system according to one of claims 7 to 10, characterized in that the data carrier (3) has a card with an applied code and a storage medium, a chip, a portable electronic device such as a mobile phone, watch, smart watch for storing the first data (1 ) and / or / or the second data (2). 12. Access control system according to one of claims 7 to 11 coupled with other monitoring devices. Page 32