AU2012257871A1 - Device for controlling access, access control system and method for controlling access - Google Patents

Device for controlling access, access control system and method for controlling access Download PDF

Info

Publication number
AU2012257871A1
AU2012257871A1 AU2012257871A AU2012257871A AU2012257871A1 AU 2012257871 A1 AU2012257871 A1 AU 2012257871A1 AU 2012257871 A AU2012257871 A AU 2012257871A AU 2012257871 A AU2012257871 A AU 2012257871A AU 2012257871 A1 AU2012257871 A1 AU 2012257871A1
Authority
AU
Australia
Prior art keywords
people
receiving space
token
group
reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
AU2012257871A
Other versions
AU2012257871B2 (en
Inventor
Klaus Herrmann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bundesdruckerei GmbH
Original Assignee
Bundesdruckerei GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bundesdruckerei GmbH filed Critical Bundesdruckerei GmbH
Publication of AU2012257871A1 publication Critical patent/AU2012257871A1/en
Application granted granted Critical
Publication of AU2012257871B2 publication Critical patent/AU2012257871B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/10Movable barriers with registering means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/28Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Lock And Its Accessories (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)

Abstract

The invention relates to a device for controlling the access of a group of persons (182, 184), comprising locking means (106, 102, 188) for locking and unlocking a receiving room (100) for a group of persons, sensor means (108) for detecting the number of persons in the group of persons received in the receiving room, at least one first reader (110) for signaling successful authentication of a person of a group of persons in the receiving room with respect to an ID token associated with said person, control means (146) for unlocking the locking means under the condition that the detected number of persons is the same as the number of the signaled authentications.

Description

1 Device for controlling access, access control system, and method for controlling ac cess Description The invention relates to a device for controlling the access of a group of people, to an access control system, and also to a method for controlling the access of a group of people with the aid of ID tokens. 5 A method for securing access to a protected area is known from DE 101 464 59 Al in which each individual person does not necessarily have to be checked. To this end, a number of people located in a checking area is determined and a num ber of authorization passes present in the area is checked in order to ascertain 10 whether the number of people matches the number of authorization passes. By contrast, the object of the invention is to create an improved device for control ling access, an access control system, and a method for controlling the access of a group of people.
2 The object forming the basis of the invention is achieved by the features of each of the independent patent claims. Embodiments of the invention are specified in the dependent patent claims. 5 According to embodiments of the invention, a device for controlling the access of a group of people is created and is used for example to control the access to a pro tected area or a border control, or for other sovereign or non-sovereign applica tions. 10 The device for controlling access includes locking means for locking and unlocking a space for receiving a group of people. Here, the locking means may comprise a suitable locking device, such as a controllable lock, an airlock door or the like. In particular, the receiving space can be formed as an access airlock with an entry 15 door and an exit door, wherein the locking and unlocking, that is to say for exam ple the controlling of the entry and exit doors in order to open and close the access airlock, may be designed so as to be controllable by control means of the device. The device further has sensor means for detecting the number of people in the 20 group of people received in the receiving space. The sensor means can be de signed such that the thermal radiation of the people, in particular the face tempera ture thereof, the weight thereof and/or another parameter, is detected in order to ascertain the number of people that have entered the receiving space. In particu lar, this may occur optically in that the receiving space is monitored with the aid of 25 a camera, which has a CCD sensor, and the number of people is determined with the aid of image processing software. At least one first reader belongs to the device in order to signal a successful au thentication of a person within the group of people in the receiving space to an ID 30 token assigned to said person. The ID token may be a portable electronic piece of equipment, such as what is known as a USB stick, or may be a document, in particular a value or security document.
3 In particular, the ID token may be a paper-based and/or plastic-based document, such as an identification document, in particular a passport, personal identification document, visa, driver's license, company identification document, health insur 5 ance card, bank card, or also a vehicle registration document, consignment note or other proof of authority. In particular, the ID token can be formed as a chip card with contact-based and/or contactless interface, or as an RFID token. In particular, it may also be contained in a payment means, in particular a bank note, a bank card or a credit card. The ID token may have a data memory for storing at least 10 one attribute of a person to whom the ID token is assigned, and in particular for storing reference data and image data, in particular a digital passport photo. The ID token further has means for authentication of the person to the ID token so that the person in question can prove that they are actually assigned to the ID token. 15 For authentication of the person to the ID token, authentication methods known per se from the prior art can be used, in particular authentication by input of a se cret code, that is to say what is known as a personnel identification number (PIN), and/or biometric authentication methods. In this case, protocols which are likewise known per se from the prior art can be used, such as the Basis Access Control 20 (BAC) protocol, Extended Access Control (EAC) protocol, and the Password Au thenticated Connection Establishment (PACE) protocol; in this regard see Tech nical Guideline TR-031 10 "Advanced Security Mechanism for Mach ine-Readable Travel Documents", version 2.05, of the Federal Office for Information Security and also EP 1 891 607 B1. 25 For example, the first reader is what is known as a class 2 reader or class 3 reader with a keypad. Once the person has brought his ID token into the detection range of the first reader, he inputs his PIN via the keypad of the first reader in order to authenticate himself to the ID token. The PIN is transmitted from the first reader to 30 the ID token, where the input PIN is compared with stored reference data. If the input PIN matches the stored reference data, the person is authenticated to the ID token and the ID token outputs a corresponding authentication signal to the first reader. Alternatively or additionally to a keypad, the first reader may have other input or detection means or may be connected to such means, such as a biometric 4 sensor for detecting a biometric feature of the person, such as fingerprints, an iris scan, facial biometry data, or the like. The device further has control means for unlocking the locking device on the con 5 dition that the detected number of people equals the number of signaled authenti cations. The control means are thus coupled to the sensor means and the at least first reader, such that the control means can compare the detected number of people with the number of authentications made to the first reader or readers in order to ascertain whether these numbers match. If both numbers match, the con 10 trol means unlock the receiving space, such that the group of people can leave the receiving space, for example in order to enter a protected building area or to pass a national border. The control means may have an individual computer or a com puter network. The control means, the locking means, the sensor means and the at least one first reader may likewise communicate via a network, in particular an 15 Ethernet. The "locking means" may be a controllable door latch for example, into which an access door of the receiving space may fall. The door latch is released by a corre sponding signal of the control means, such that the door of the receiving space 20 can be opened. Alternatively or additionally, a turnstile for example is located at the point of access to the receiving space and can be locked, that is to say blocked, and unlocked, that is to say released, by a corresponding signal of the control means. 25 Alternatively or additionally, the locking means may have a door that can be driven by an electric motor, wherein the electric motor can be controlled by the control means so as to open and close the door and also so as to hold the door in the closed locked position. 30 According to embodiments of the invention, the receiving space has an individual access door for the group of people. Alternatively, the receiving space is formed as an access airlock with at least one entry door and one exit door. If the exit door is locked, then the entry door is unlocked, such that the group of people can enter 5 the receiving space. The entry door is then also locked. When the precondition for unlocking has been met, the control means control the exit door in order to unlock it or to open it so that the group of people can leave the receiving space through the exit door. 5 According to an embodiment of the invention, a plurality of the first readers are distributed in the receiving space. The plurality of first readers can be operated in parallel, such that a number of people can be authenticated simultaneously. The sensor means have first sensors for each of the first readers in order to detect the 10 presence of a person within the group of people at a location of the respective first reader. The execution of the authentications of the people to the ID token via the first readers is then only released by the control means once the presence of a person at one of the readers has been detected by the first sensors. 15 Here, it is particularly advantageous that the throughput can be heavily increased due to the parallel operation of a number of the first readers. On the other hand, the sensor-based detection of the number of people is facilitated in that the pres ence of a person is not detected just anywhere in the receiving space, but at the respective locations of the readers. Due to the first sensors at the location of each 20 of the first readers, the people within the receiving space are specifically inevitably separated, which heavily facilitates the sensor-based detection of the number of people and makes this detection process particularly reliable. For example, a camera may be arranged on each of the readers in order to detect 25 the presence of a person at the location of the respective reader, for example an infrared camera and/or a camera that operates in the visible range. Alternatively or additionally, a weight sensor may be provided at each location of the first readers. A person wishing to perform the authentication at one of the first readers then has to move into the detection range of the respective weight sensor of the selected 30 first reader, such that the presence of the person at the location of the selected reader can be detected via the weight of the person. For example, a stool on which a person has to sit so that the authentication to the selected first reader can be carried out may be fixedly placed in front of each of the readers. A sensor is 6 located in each of the stools in order to sense the loading of the stool by the weight of a person. Possible misuse or manipulation attempts are counteracted since, when the num 5 ber of people matches the number of first readers, the authentication of the people to their ID token via the respective selected first readers is only released by the control means once the presence of a person has been detected by each of the first sensors in each case assigned to a respective one of the readers. If the num ber of people is smaller than the number of first readers, the absence of a person 10 is thus detected at a number of first readers. It can thus be ensured that a number of people are not waiting at the same first reader. According to a further embodiment of the invention, the sensor means comprise at least one second sensor, more specifically for detecting people who are not wait 15 ing at the location of one of the first readers in the receiving space. Here, it is thus additionally checked whether a person wishing to exit the access control in this way is located in the receiving space in a position distanced from the first readers. To this end, the receiving space outside the locations of the first readers is moni tored by a suitable sensor, such as an infrared camera, a CCD camera or the like. 20 Here, it is particularly advantageous that the waiting of somebody or nobody at the locations of the readers and also the absence of people in the receiving space outside the locations of the readers can be sensed in a technically reliable and cost-effective manner. 25 According to an embodiment of the invention, the ID tokens of the people are de signed for authentication to a second reader. In particular, this may include what is known as chip authentication of the electronic chip of the ID token to the second reader and optionally also an authentication of the second reader to the ID token, that is to say what is known as terminal authentication. The second reader is ar 30 ranged outside the receiving space, for example in a waiting area. In the ID token belonging to one of the people, biometric reference data belonging to this person are stored, such as fingerprint data, facial biometry data, iris scan data and/or other biometric data. Furthermore, the ID token has an identifier, 7 which identifies the ID token unambiguously. The identifier can be read from the ID token, for example optically or via an electronic interface. In particular, what is known as the machine readable zone (MRZ) of an ID token, which is designed as a machine-readable travel document, can be used to detect the identifier, a serial 5 number of the chip of the ID token, which for example can be read out via RFID, or the personal details of the person, which can be optically read from the ID token for example and likewise identify the ID token without ambiguity. The second reader is designed to detect this identifier from the ID token and also 10 to carry out at least one-way authentication of the ID token to said second reader, for example by the BAC and/or EAC protocol. After successful authentication, the second reader reads out the biometric reference data stored in the ID token and stores this with the identifier as an access key in a memory, for example of the control means. 15 The first readers located in the receiving space are in this embodiment likewise designed to detect the identifier previously already detected by the second readers outside the receiving space. The first readers are further designed to detect the biometric feature for which biometric reference data are stored in the ID token. 20 To authenticate the people in the receiving space, an approach is adopted here such that the identifiers are detected again with the aid of the first readers in the receiving space and the respective biometric reference data are then read out from the memory with the aid of the identifiers in order to be compared with the 25 respective biometric features detected by the first readers. Unlocking then occurs on the further condition that the detected biometric features of the people suffi ciently match the respective biometric reference data. This embodiment has the specific advantage that the security against manipula 30 tions with high throughput is further increased. This is made possible since the period during which the people outside the receiving space are waiting is used to securely read out the biometric reference data from the ID token under considera tion of data protection requirements, and therefore this process does not have to 8 take place within the receiving space. The residence time of the group of people in the receiving space can thus be kept very short, even with biometric checking. According to an embodiment of the invention, the biometric reference data read 5 from the ID token and buffered in the memory are deleted once authentication has been performed, for example immediately before or after the unlocking. It is thus ensured that the biometric reference data cannot be collected and stored at central locations. 10 According to a further embodiment of the invention, the device has entry restriction means for restricting the number of people in the group of people, wherein the number of people to which entry into the receiving space is restricted is limited to the number of people for which the at least one second reader has stored the bio metric reference data in the memory. 15 In other words, the number of people authenticating themselves to the second reader outside the receiving space in the waiting area and of which the biometric reference data are read and buffered whilst the receiving space is still locked is counted. The number of people who have entered the receiving space after un 20 locking is then confined to the number of people for which the biometric reference data have already been read. This is intended to prevent people from entering the receiving space for whom no biometric reference data are yet stored in the memory, since this would lead to a delay in the process. The intake capacity of the waiting area, in which the people have access to the second reader or readers, 25 can be selected for example such that it is equal to the intake capacity of the re ceiving space. According to an embodiment of the invention, the entry restriction means have at least one turnstile in order to limit the number of people that can enter the receiv 30 ing space. An additional turnstile may be arranged at the entry of the waiting area in order to restrict the number of people in the waiting area to the maximum intake capacity of the receiving space. Instead of a turnstile, the entry restriction means may also be formed by one or more automatic doors.
9 Embodiments of the invention are particularly advantageous for applications in which groups of people are present who simultaneously desire access a protected area, such as a border crossing, in particular at airports, access to security zones of specially protected facilities, access to company buildings, bank vaults, or 5 lounges, for example in football stadiums. Here, embodiments of the invention are of particular advantage such that access of such groups of people can be controlled efficiently, more specifically without compromising security. 10 Embodiments of the invention are also of particular advantage for controlling the access of people who cannot operate the readers independently, such as children or people with disabilities. Since, in accordance with the invention, the people are not separated or are only separated within the same receiving space, such people 15 within the receiving space can be assisted by other people within the group of people. To this end, it may be advantageous to arrange the first readers closely to one another in order to facilitate such assistance. For example, the first readers may 20 for this purpose form a structural unit, in particular the antenna regions for support ing the ID tokens when these are RFID tokens, wherein the antenna regions can be formed side by side, for example as elongate support areas with a plurality of PIN input keypads, or for example are constructed similarly to a handrail, in which antenna, display and operating fields are integrated. 25 In a further aspect, the invention relates to an access control system comprising an embodiment of a device according to the invention and a plurality of ID tokens. The receiving space may also belong to the access control system, wherein the receiving space can be formed for example as an access airlock. 30 In a further aspect, the invention relates to a method for controlling the access of a group of people with the aid of a device according to the invention and/or an ac cess control system according to the invention, said method comprising the follow ing steps: locking the receiving space once the group of people has been re- 10 ceived, detecting the number of people in the group of people received in the re ceiving space, authenticating each of the people in the group of people received in the receiving space to a respective assigned ID token within the receiving space and signaling successful authentications by means of the at least one first reader, 5 and unlocking the receiving space on the condition that the number of detected people matches the number of signaled authentications. Embodiments of the invention will be explained in greater detail hereinafter with reference to the drawings, in which: 10 Figure 1 shows a block diagram of a first embodiment of a device according to the invention, Figure 2 shows a flow diagram of a first embodiment of a method according to 15 the invention, Figure 3 shows a block diagram of a second embodiment of a device according to the invention, 20 Figure 4 shows a flow diagram of a second embodiment of a method according to the invention, Figure 5 shows a block diagram of a third embodiment of a device according to the invention, and 25 Figure 6 shows a flow diagram of a third embodiment of a method according to the invention. Elements in the following embodiments that correspond to one another or are the 30 same are denoted by like reference signs. Figure 1 shows a receiving space 100 for receiving a group of people having a maximum number N of people. The receiving space has an automatic door 102, which for example can be operated by an electric motor, in order to open and to 11 close an entry and exit 104 of the receiving space 100. To this end, a controllable bolt 106, such as a door latch, may be provided. The receiving space 100 is monitored by at least one sensor 108. The sensor 108 5 is used to detect the number of people located in the receiving space 100. The sensor 108 may be a camera or an infrared sensor, for example. At least one reader 110, which is interoperable with the ID tokens 112, 114, 116, 118, ... of a group of people, such as the people 120, 122, 124, 126, ... , is located 10 in the receiving space 100. Here, each of the ID tokens is assigned to exactly one of these people, for example the ID token 112 is assigned to the person 120, the ID token 114 is assigned to the person 122, etc. The ID tokens 114, 116, 118, ... are in principle constructed identically to the ID 15 token 112 illustrated in greater detail in Figure 1. The ID token 112 has an interface 128 to a corresponding interface 130 of the reader 110. The interfaces 128, 130 can be formed in a contact-based or contact less manner, in particular as RFID interfaces. 20 The ID token 112 further has a processor 132 for executing program instructions 134 and also an electronic memory 136 for storing reference data 138. For exam ple, the reference data 138 may be a secret code, such as a PIN, which is to be known only to the person assigned the ID token 112, that is to say in this case only 25 the person 120. Alternatively or additionally, the reference data 138 may include biometric reference data concerning the respective person. The electronic memory 136 is a protected memory, which can only be accessed internally by the proces sor 132 of the ID token 112. Direct access via the interface 128 to the memory 136 and in particular the reference data 138 stored therein is either not possible or is 30 only possible after release by the processor 132, depending on the embodiment. The reader 110 has a processor 140 for executing program instructions 142 and also an interface 144 for communication with a controller 146, which for example is 12 formed as a computer and has a corresponding interface 148. The interfaces 144 and 148 may be network interfaces for example, in particular Ethernet interfaces. The reader 110 further has input or detection means, such as a keypad 150 and/or 5 a sensor 152. The keypad 150 can be designed to input the PIN into the reader 110, and the sensor 152 may be a biometry sensor for detecting a biometric feature of the re spective person. 10 The controller 146 has a processor 154 for executing program instructions 156. By executing the program instructions 156, the controller 146 can generate, for ex ample, a signal 158 in order to control the bolt 106 and/or the door 102 or the elec tric-motor-based drive thereof so as to thus lock or unlock the door 102. 15 Furthermore, the controller may sense the locked or unlocked state of the door 102, for example via the line 160. The controller 146 is further connected to the sensor 108 via a line 162, via which the controller 146 receives a signal 164. The signal 164 may be a sensor signal of the sensor 104, which is then evaluated by 20 the controller 146 by execution of the program instructions 156 in order to deter mine the number of people in the receiving space. Alternatively, the sensor signal may already be processed by a digital signal processing of the sensor 108 itself, such that the signal 164 already indicates the detected number of people. Mixed forms are also possible, in accordance with which the detected sensor signal is 25 pre-processed by the evaluation electronics of the sensor 108, such that the fur ther evaluation by the controller 146 is reduced accordingly. The interfaces 144 and 148 can be coupled to one another via further separate lines 166. The controller 146 receives a signal 168 from the reader 110, said sig 30 nal signaling that a person has been authenticated. The lines 160, 162 and 166 can be replaced wholly or partially by a network, for example an Ethernet, via which the various components, that is to say the control- 13 ler on the one hand and the bolt/the door 102, the sensor 108 and the reader 110 on the other hand, can communicate with one another. The following approach for example is adopted in order to control access: 5 Firstly, a group of M people, wherein 0 < M < N, enters the receiving space 100. For example, the group of people contains M = 4 people 120, 122, 124 and 126, as shown in Figure 1. The people in this group of people each carry with them their ID token, as is likewise shown in Figure 1. 10 Once the group of people has entered the receiving space 110, the door 102 is closed and locked. This can occur automatically or manually. The number M of people is then determined with the aid of the sensor 108. 15 The people in this group of people also authenticate themselves to their ID token with the aid of the reader 110. To this end, the person 120 for example brings his ID token 112 into the detection range of the interface 130. The person 120 then inputs his PIN into the reader via the keypad 150 of the reader 110. The PIN is transferred via the interface 130 to the ID token 112 by execution of the program 20 instructions 142 and is evaluated there by execution of the program instructions 134 in that the processor 132 accesses the reference data 138 and this data is compared with the PIN received via the interface 128. If the received PIN matches the reference data 138, the processor 132 generates a corresponding signal, which is transmitted via the interface 128 to the interface 130 of the reader 110 25 and is forwarded as a signal 168 via the interface 144 to the controller 146 by exe cution of the program instructions 142. The detected number of people M and also the number of signals 168 each signal ing a successful authentication of a person to an ID token are processed by the 30 controller 146 by execution of the program instructions 156 in that the number M of detected people is compared with the number of signals 168. If the two numbers match one another, this means that all people in the admitted group of people have authenticated themselves to their ID token. The processor 154 then gener ates the signal 158 to unlock the door 102. The group of people can then leave the 14 receiving space 100, for example in order to pass a border or to enter a protected building area. In the case of biometric authentication, a biometric feature for example of the per 5 son 120 is detected by the sensor 152 instead of the PIN via the keypad 150 and is transmitted via the interface 130 to the ID token 112, such that the received bi ometric data can be checked there for a sufficient match with the reference data 138, for example by what is known as a Match on Card method. Alternatively, the reference data 138 are read out from the ID token 112 by the reader 110 or the 10 controller 146 in order to check a sufficient match of the detected biometric fea tures with the reference data 138 by the reader 110 or by the controller 146. To this end, both the biometric reference data read out from the ID token 112 and the biometric features detected in a sensor-based manner from the person 120 are transmitted from the reader 110 to the controller 146 in order to be evaluated 15 there. Figure 2 shows a corresponding flow diagram. In step 200, a number of M people are admitted into a receiving space of a device for access control according to the invention. Upon entry or subsequently thereto, the number M of people in the re 20 ceiving space is detected by sensor (step 202). In step 204, the M people in the group of people within the receiving space each authenticate themselves to their ID token, wherein each of the successful authentications is signaled to a control unit. The control unit then compares, in step 206, the number of authentications carried out with the detected number M. If both numbers match one another, a 25 release signal is generated by the controller in step 208 in order to signal that the group of people can pass; the receiving space is unlocked by the release signal, such that the M people can then leave said receiving space again. By contrast, a message is generated in step 210 and is directed for example to a border official so that he can intervene. 30 Figure 3 shows a further embodiment of a device according to the invention. In this embodiment, a number of N readers 110.1 to 1 10.N are distributed in the receiving space 110. For each of the N readers, it is monitored by sensor whether one of the people in the group of people or whether nobody is located at the location of the 15 respective reader. To this end, the readers can be monitored by means of a cam era for example. To this end, a separate sensor, for example a camera, a heat sensor and/or a weight sensor, is preferably located on each of the readers in or der to detect the presence of a person at a location of the respective reader. In 5 addition, a traffic zone of the receiving space can be monitored by a further sensor 170 in order to ensure that no further people are waiting in the receiving space other than at the readers. Separation of the people in the group of people within the receiving space is thus achieved since they each have to take to one of the readers. This simplifies the sensor-based detection of the number of people M 10 considerably and also makes this more secure and more reliable. The readers 110.1 - 110.N are formed in the embodiment considered here such that an authentication of a person to the respective ID token is then only made possible once the respective reader has received a release signal 172 from the 15 controller 146. It is not possible to input the PIN via the keypad 150 or to detect the biometric feature via the sensor 152 (see Figure 1) beforehand. To control access, an approach is adopted in the embodiment considered here, additionally to the embodiment according to Figure 1, such that the signals 164 of 20 the sensors 108.1 - 108.N are evaluated by the controller 146 in order to ascertain whether these signals indicate the presence either of precisely one person or no body at the location of the respective reader. Furthermore, a signal 174 of the sensor 170 is checked by the controller 146 in order to ascertain whether no fur ther people are waiting in the receiving space 110. 25 When the people 120, 122, 124 and 126 then take to the readers 110.1, 110.2, 110.3 and 110.4, as illustrated in Figure 3, this is thus detected by the correspond ing sensors 108.1, 108.2, 108.3 and 108.4 and is signaled to the controller 146. If, in addition, a further person 176 is located in the receiving space 100 and poten 30 tially does not have an ID token or has an invalid ID token 178, this is thus detect ed by the sensor 170. The processor 154 of the controller 146 generates the re lease signals 172 by execution of the program instructions 156 only on the condi tion that all of the sensors 108 signal the presence of precisely one person or no body at one of the readers 110 and that the sensor 170 further signals the pres- 16 ence of no further people in the receiving space 100. The person 176 in the case considered here must therefore first leave the receiving space 100 before the au thentications can take place. 5 Once the M people, that is to say in the application considered here M = 4 people 120 - 126, have taken to the readers 110.1 - 110.4 and have thus been separated within the receiving space 100, and once the person 176 has also left the receiving space 100, the controller 146 then generates the release signals 172 for the read ers 110.1 - 110.4, such that the people 120 to 126 can then be authenticated to 10 the respective assigned ID token 112 to 118. Here, the door 102 is thus then un locked on the condition that successful authentication has occurred at each of the readers 110.1 to 110.4 at which the presence of a person had been detected. Figure 4 shows a corresponding flow diagram. 15 In the step 300, M people are admitted. The number M is detected in step 302 by a number of N sensors (see the readers 110.1 - 1 10.N in Figure 3). It is also checked in step 304 whether any other person is located in the receiving space who has not taken to one of the readers. If this is the case, a message is generat 20 ed in step 306 such that a border official can intervene for example. If this is not the case, execution of the authentications of the M people to the respective read ers at which said people are located is released in step 308. For a reader for which the presence of a person has not been detected, no authentication is released, and therefore the authentications can be carried out only at those readers at which 25 a person in the receiving space is actually located. If the number of signaled au thentications is M, that is to say equal to the number of people detected by sensor in the receiving space, unlocking thus occurs in the step 314, otherwise a mes sage is again generated in step 312. 30 For the time between the release of the authentication in step 308 and the check in step 310, a predefined maximum time can be defined, within which all of the authentications must have taken place. If this time is exceeded, the process branches to the message 312.
17 The embodiment according to Figure 5 has been developed compared to the em bodiment according to Figure 3 in that a waiting area 180 is located before the re ceiving space 100 and is used to receive a further group of people, provided a group of people is still located in the receiving space 100. For example, the group 5 of people 182 includes the people 120, 122, 124 and 126, whereas the further group of people 184 in the waiting area 180 includes the people 120', 122', 124' and 126', wherein it is assumed here, without loss of generality, that N = M = 4 for each of the groups of people 182 and 184. 10 At least one reader 110' with an interface 130' that in principle can be constructed similarly to the interface 130 of the readers 110 in the receiving space 100 is lo cated outside the receiving space 100. The reader 110' has a processor 140' for execution of program instructions 142' and also an interface 144' for communica tion with the corresponding interface 148' of the controller 146. Furthermore, the 15 reader 110' has an optical sensor 186, for example for carrying out what is known as a BAC, specifically in order to visually detect from one of the ID tokens a piece of information printed on the ID token, such as what is known as the MRZ. Here, the ID tokens 112 to 118 or 112' to 118' may particularly preferably be machine readable travel documents, in particular electronic passports or electronic personal 20 identification documents, in particular in accordance with a standard defined by the Federal Office for Information Security (BSI) and/or the International Civil Aviation Organization (ICAO). The waiting area 180 may be defined for example by a turnstile 188 and a turnstile 25 190. The turnstiles 188 and 190 are connected via lines 192 and 194 respectively to the controller 146, which blocks and releases the turnstiles. Due to the turnstile 188, the door 102 can be omitted or the door 102 is designed such that the various people can only pass in succession so as to restrict the access to the receiving space 100 to the maximum number of people. 30 The receiving space 100 is preferably formed here as an access airlock, that is to say the door 102 is used here merely to enter the receiving space 100, and a fur ther door 102' with a corresponding bolt 106' is used exclusively to leave the re ceiving space 100.
18 The controller 146 is designed here such that it has an electronic memory 196, which is used to store a database 198. 5 To control the access of the group of people 184, the following approach is adopt ed here: Whilst the group of people 182 is still located in the locked receiving space 100, the further group of people 184 is admitted into the waiting area 180, for example 10 by releasing the turnstile 190 by means of the controller 146. The people 120' to 126' in this further group of people 184 each in succession bring their ID token into the detection range of the reader 110', for example in order to perform a BAC and subsequent EAC for one-way or two-way authentication of the respective ID token and of the reader 110'. After this authentication, the reader 110' obtains the read 15 rights to reference data 138 stored in the respective memory 136 of one of the ID tokens, wherein this reference data is biometric reference data in the embodiment considered here. In a supplementary or additional manner, unprotected data may also be read out from the memory 136, such as a facial image. Furthermore, an identifier of the ID token is detected from the respective ID token, for example with 20 the aid of the optical sensor 186 or via the interface 130'. The reference data 138 read out from one of the ID tokens is then transmitted to gether with the respective identifier from the reader 110' to the controller 146 and is stored in the database 198, wherein the identifier is used as a database key for 25 subsequent database access to the reference data. Instead of one reader 110', a plurality of readers may also be arranged in the waiting area 180, such as a num ber of N readers 110', in order to parallelize this process. Once the group of people 182 in the receiving space 100 has been successfully 30 checked, the controller 146 generates an unlocking signal for the bolt 106', such that this group of people 182 leaves the receiving space. The door 102' is then closed again, and the door 102 is opened. The controller 146 then allows the group of people 184 to pass through the turnstile 188, such that this group of peo ple enters the receiving space 100. The number of people that may pass through 19 the turnstile 188 may be further limited here, besides N, in that the number of peo ple for which the reference data have been stored in the database 198 beforehand within the waiting area 180 are allowed through at most. People from the waiting area 180 not previously present at the reader 110' are thus also prevented from 5 entering the receiving space 100. The group of people 184 is separated in the receiving space 100 in that the people 120' to 126' take to the various readers 110.1 - 110.4. With the aid of the readers, merely the respective identifier of the ID token is then detected again as well as 10 the biometric feature of the person. The identifier together with the respective biometric feature detected is transmitted from the reader to the controller 146. The controller accesses the database 198 by means of the identifier received from the reader as a key in order to read out the 15 corresponding reference data from the database and to compare this with the de tected biometric data received by the respective reader. If all M people in the group of people 184 are thus successfully authenticated, the controller 146 con trols the bolt 106' in order to open the door 102'. 20 The approach can be adopted similarly and continuously for successive groups of people, such that the throughput is optimized without compromising security. Figure 6 shows a corresponding flow diagram. 25 In step 400, a number of M people are admitted into the waiting area. There, one or more of the second readers (see reader 110' in Figure 5) is/are located and is/are used to authenticate the ID tokens of the people admitted into the waiting area to the second reader or readers and also to read an identifier and reference data from the ID token. In step 404, the reference data are stored with the identifi 30 er as an access key in a database (see database 198 in Figure 5). In step 406, the M people from the waiting area then admitted into the receiving space. The number M is then detected in the receiving space in the step 408 by N 20 sensors, wherein a sensor may be located on each one of the readers (in this re gard see the embodiment in Figure 5). If it is determined in step 410 that a further person is located in the receiving space 5 besides at the readers, a corresponding message is thus generated in step 412. If this is not the case, the use of the first readers in the receiving space is released in step 414 in order to enable authentication of the people. To this end, the identifier from the ID token is initially detected in step 416, and the biometric features of each of the people are detected by sensor in step 148. In step 420, the database 10 is accessed by means of the identifier detected in step 416 in order to read out the respective stored reference data and to compare this in step 422 with the respec tive biometric features. Each person in the group of people is thus authenticated, specifically when the features of one of the people detected by sensor in step 414 sufficiently match the reference data stored for this person. 15 In step 424, it is then checked whether the number of successful authentications is equal to the number M of people, as has been detected in step 408. If this is not the case, a corresponding message is thus generated in step 426, and in the op posite case the exit door of the receiving space is unlocked in step 428. 20 The database 198 is then deleted so that there is no central collection of the refer ence data. Parallel to the steps 408 to 428, the steps 400 to 404 can be carried out for a sub 25 sequent further group of people in the sense of pipelined processing.
21 List of reference signs 5 100 receiving space 102 door 102' door 104 entry/exit 106 bolt 10 108 sensor 110 reader 110' reader 112-118 ID token 120-126 person 15 128 interface 130 interface 132 processor 134 program instructions 136 electronic memory 20 138 reference data 140 processor 142 program instructions 144 interface 146 controller 25 148 interface 150 keypad 152 sensor 154 processor 156 program instructions 30 158 signal 160 line 162 line 164 signal 166 line 22 168 signal 170 sensor 172 release signal 174 signal 5 176 person 178 ID token 180 waiting area 182 group of people 184 group of people 10 186 sensor 188 turnstile 190 turnstile 192 lines 194 lines 15 196 memory 198 database

Claims (15)

1. A device for controlling the access of a group of people (182, 184), 5 comprising - locking means (106, 102, 188) for locking and unlocking a receiving space (100) for a group of people, 10 - sensor means (108) for detecting the number of people in the group of people received in the receiving space, - at least one first reader (110) for signaling a successful authentication of a person in the group of people in the receiving space to an ID token 15 assigned to this person, and - control means (146) for unlocking the locking means on the condition that the detected number of people is equal to the number of signaled authentications. 20
2. The device according to Claim 1, wherein a number of the first readers is arranged in the receiving space, wherein the sensor means comprise first sensors (108.1 - 108.N) for each of the first readers in order to detect the presence of a person in the group of people in the receiving space at the 25 location of the respective first reader, wherein the authentication of the people to the ID tokens via the first readers is only released by the control means once each of the first sensors has detected the presence of somebody or nobody. 30
3. The device according to Claim 2, wherein the sensor means comprises a second sensor (170) for detecting people who are waiting in the receiving space not at the location of one of the first readers, wherein the control means are designed such that the authentication is only released on the condition that nobody is detected by the second sensor when the first sen- 24 sors simultaneously signal the presence of precisely one person or no body.
4. The device according to Claim 1, 2 or 3, wherein the ID token is designed 5 for authentication to a second reader (110'), and biometric reference data belonging to the person to whom the ID token is assigned are stored in the ID token, and wherein an identifier of the ID token and/or the person to whom the ID token is assigned is also readable from the ID token by the second reader, wherein at least one second reader is arranged outside the 10 receiving space in order to read out the biometric reference data from the ID token after authentication of the ID token to the second reader and to store this data together with the identifier as a key in a memory (196), which can be accessed by the control means or which forms part of the control means, 15 wherein the first readers in the receiving space are designed to read the identifier and comprise means (152) for detecting the biometric features of the people in the receiving space, 20 wherein the control means are designed to receive the identifiers from the first readers, to read out from the memory the biometric reference data be longing to the people with the aid of the identifiers, and to unlock the lock ing device under the further provision that the detected biometric features belonging to the people match the respective biometric reference data. 25
5. The device according to Claim 4, wherein the control means are designed such that, once the match between the biometric reference data and the detected biometric features has been checked, the detected biometric fea tures and the identifiers are deleted from the memory. 30
6. The device according to one of the preceding claims, comprising entry re striction means (188) for restricting the number of people in the group of people, wherein the number of people to which entry into the receiving space is restricted is restricted to the number of people for which the at 25 least one second reader has stored the biometric reference data in the memory.
7. The device according to Claim 6, wherein the entry restriction means are 5 locked by the control means once a maximum number of people, which is restricted to the number of people for which the at least one second reader has stored the biometric reference data in the memory, have entered the receiving space. 10
8. The device according to one of the preceding claims, wherein the ID token and the second reader are designed to execute a BAC protocol and/or an EAC protocol and/or a PACE protocol for execution of a one-way or two way authentication. 15
9. The device according to one of the preceding claims, wherein the identifier is formed from an MRZ of the ID token or an identifier of a chip of the ID token.
10. An access control system comprising a device according to one of the 20 preceding claims and a plurality of the ID tokens.
11. The access control system according to Claim 10, comprising the receiv ing space, wherein the receiving space is preferably formed as an access airlock. 25
12. A method for controlling the access of a group of people with the aid of a device according to one of preceding Claims 1 to 10, said method com prising the following steps: 30 - locking the receiving space (100) once the group of people has been received, 26 - detecting the number (M) of people in the group of people received in the receiving space, - authenticating each of the people in the group of people received in 5 the receiving space to a respective assigned ID token within the re ceiving space and signaling the successful authentications by means of the at least one first reader, - unlocking the receiving space under the provision that the number of 10 detected people matches the number of signaled authentications.
13. The method according to Claim 12, wherein it is checked that each person in the group of people within the receiving space is located at one of the first readers once said space has been locked, and the execution of authentica 15 tions of the people to the ID token is then only enabled when this is the case.
14. The method according to Claim 12 or 13, wherein the biometric reference data are read out from the ID token of the group of people with the aid of 20 one or more second readers (110') and are stored in the memory before the group of people is received in the receiving space, and wherein the bio metric features of the people in the group of people are detected within the receiving space once said space has been locked, and the detected bio metric features are compared with the biometric reference data stored in the 25 memory, wherein the receiving space is then only unlocked when the de tected biometric features sufficiently match the biometric reference data stored in the memory.
15. The method according to Claim 12, 13 or 14, wherein the sensor means are 30 designed to detect the height, weight and/or temperature, in particular the face temperature, of the people.
AU2012257871A 2011-05-17 2012-05-09 Device for controlling access, access control system and method for controlling access Active AU2012257871B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102011076004.0 2011-05-17
DE102011076004A DE102011076004A1 (en) 2011-05-17 2011-05-17 Access control device, access control system and access control method
PCT/EP2012/058487 WO2012156238A1 (en) 2011-05-17 2012-05-09 Device for controlling access, access control system and method for controlling access

Publications (2)

Publication Number Publication Date
AU2012257871A1 true AU2012257871A1 (en) 2013-11-21
AU2012257871B2 AU2012257871B2 (en) 2016-06-30

Family

ID=46046211

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2012257871A Active AU2012257871B2 (en) 2011-05-17 2012-05-09 Device for controlling access, access control system and method for controlling access

Country Status (6)

Country Link
EP (1) EP2710561B1 (en)
CN (1) CN103534734B (en)
AU (1) AU2012257871B2 (en)
DE (1) DE102011076004A1 (en)
PT (1) PT2710561T (en)
WO (1) WO2012156238A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9815664B2 (en) 2015-06-19 2017-11-14 Otis Elevator Company Stranger prevention for elevator destination entry system

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105374096A (en) * 2015-12-07 2016-03-02 天津博威动力设备有限公司 Entrance guard system with multiple detection means
CN105827639A (en) * 2016-05-13 2016-08-03 上海迅饶自动化科技有限公司 X2bacnet protocol conversion gateway software
US10370877B2 (en) * 2016-09-22 2019-08-06 Lenovo (Singapore) Pte. Ltd. Destination criteria for unlocking a vehicle door
US11024105B1 (en) * 2017-10-16 2021-06-01 Cybra Corporation Safety and security methods and systems
CN108921979A (en) * 2018-04-10 2018-11-30 浙江易云物联科技有限公司 A kind of system for managing pedestrian passage and its method
DE102018119767A1 (en) * 2018-08-14 2020-02-20 Bundesdruckerei Gmbh Device for providing a plurality of biometric features of a plurality of people in a group of people
CN109559409B (en) * 2018-10-11 2020-06-02 江苏农林职业技术学院 Cloud control access control system for self-service fruit and vegetable picking greenhouse and image recognition method thereof
CN109407601B (en) * 2018-10-29 2021-04-30 北京东华合创科技有限公司 Intelligent laboratory monitoring alarm system based on data analysis
CN111554028B (en) * 2020-05-19 2022-03-25 青岛聚好联科技有限公司 Bluetooth access control system and interaction method thereof

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6801640B1 (en) * 1999-06-03 2004-10-05 Omron Corporation Gate control device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10146459B4 (en) 2001-09-20 2005-03-03 Deutsche Post Ag Access control method, access control device and elevator car
CN1696982A (en) * 2005-04-11 2005-11-16 中华人民共和国珠海出入境边防检查总站 Automatic examination method for border control
DE102005025806B4 (en) 2005-06-02 2008-04-17 Bundesdruckerei Gmbh Method for access from a terminal to an electronic device
EP2033926B1 (en) * 2005-09-30 2014-12-31 Inventio AG Lift assembly for transporting lift users in a building area
EP1821237B1 (en) * 2006-02-15 2010-11-17 Kabushiki Kaisha Toshiba Person identification device and person identification method
DE102006036108A1 (en) * 2006-05-19 2007-11-22 Siemens Ag Controlling device for persons, has primary investigation unit for executing multiple investigation process to determine identity of person, secondary investigation unit for determining identity of objects and evaluating processor unit
JP4751442B2 (en) * 2008-12-24 2011-08-17 株式会社東芝 Video surveillance system
CN101706976A (en) * 2009-08-26 2010-05-12 深圳市飞瑞斯科技有限公司 Anti-trailing system and device based on number of video viewers
CN101774501B (en) * 2009-10-19 2013-07-24 秦皇岛开发区前景电子科技有限公司 Management method and system of household elevator with security protection function

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6801640B1 (en) * 1999-06-03 2004-10-05 Omron Corporation Gate control device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9815664B2 (en) 2015-06-19 2017-11-14 Otis Elevator Company Stranger prevention for elevator destination entry system

Also Published As

Publication number Publication date
CN103534734A (en) 2014-01-22
EP2710561A1 (en) 2014-03-26
AU2012257871B2 (en) 2016-06-30
DE102011076004A1 (en) 2012-11-22
CN103534734B (en) 2016-11-23
PT2710561T (en) 2017-02-21
WO2012156238A1 (en) 2012-11-22
EP2710561B1 (en) 2017-01-04

Similar Documents

Publication Publication Date Title
AU2012257871B2 (en) Device for controlling access, access control system and method for controlling access
JP5055905B2 (en) Entrance / exit management system, entrance / exit management robot device, and entrance / exit management program
US11205312B2 (en) Applying image analytics and machine learning to lock systems in hotels
KR101654784B1 (en) Access authentication system using a mobile terminal
JP6155857B2 (en) Entrance / exit management device and entrance / exit management system
JP5302581B2 (en) Security system and program thereof
JP2007262695A (en) Entrance management equipment with enhanced security function, and entrance management method
WO2011155899A1 (en) A secure access system employing biometric identification
CN107633580A (en) A kind of smart lock and its control method, intelligent coffer
JP2008040828A (en) Entering/leaving management system
KR20090041619A (en) Entrance and exit control system
WO2013055542A2 (en) Method and system for training users related to physical access control system
JP2001040923A (en) Access management system
JP2000315291A (en) Complex security system for building
JP2000145219A (en) Lock management system
GB2459327A (en) Anti-tailgating system for a restricted access entrance
JP2006107308A (en) Method, managing apparatus, and system for exit management, and information reader
JP5929225B2 (en) Entrance / exit management system
JP2006070653A (en) Security passing controller
KR101967111B1 (en) Controller system for security enhancement service by reducing system load with smart characteristic information processing procedure
JP2017173890A (en) Room entry/exit management device and room entry/exit management method
JP2004068411A (en) Entering/leaving control device
JP4154013B2 (en) Management system
JP4279037B2 (en) Entrance / exit management system
CN214929589U (en) Door unblock controlling means

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)