CN109923592B - Method and system for access control and awareness management - Google Patents


Info

Publication number
CN109923592B
Authority
CN
China
Prior art keywords
access control
user
mobile device
control device
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201780068142.3A
Other languages
Chinese (zh)
Other versions
CN109923592A (en
Inventor
卢克·安德鲁·舍恩菲尔德
迈克尔·布莱恩·琼斯
阿里·阿克巴·侯赛因
詹姆斯·格里斯巴彻
伊凡·阿尔马拉尔·索莱
蒂莫西·H·赫恩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lucky Systems Co ltd
Original Assignee
Lachi Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US15/257,750 (patent US9666000B1)
Application filed by Lachi Co ltd
Priority to CN202111209368.5A (patent CN113989959A)
Publication of CN109923592A
Application granted
Publication of CN109923592B
Legal status: Active
Anticipated expiration

Classifications

    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00904 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses for hotels, motels, office buildings or the like
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • G07C2009/00396 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method starting with prompting the keyless data carrier
    • G07C2009/00642 Power supply for the lock by battery
    • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2209/08 With time considerations, e.g. temporary activation, valid time window or time limitations
    • G07C2209/64 Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle using a proximity sensor
    • G07C9/0069 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by passive electrical keys with switch-buttons actuated in a predetermined sequence
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04W12/43 Security arrangements using identity modules using shared identity modules, e.g. SIM sharing
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

Systems and methods for access control management for multi-unit buildings are provided. The disclosed system may facilitate multi-unit real estate management using mobile devices, local mesh networks, access control devices, and wireless communications. The mobile device may download and use credentials to access appropriate areas and units in the building through local wireless communication with the access control device.

Description

Method and system for access control and awareness management
RELATED APPLICATIONS
This application claims priority to U.S. patent application No. 15/257,750 entitled "METHODS AND SYSTEMS FOR ACCESS CONTROL AND AWARENESS MANAGEMENT", filed on 9/6/2016, which is a continuation-in-part application under 35 U.S.C. § 120 of U.S. patent application No. 14/589,805 entitled "METHODS AND SYSTEMS FOR MULTI-UNIT REAL ESTATE MANAGEMENT", filed on 5/1/2015, which in turn claims, under 35 U.S.C. § 119(e), the benefit of U.S. provisional application No. 61/923,643 entitled "a system of MULTI-UNIT test management", filed on 4/1/2014, the contents of which are incorporated herein by reference in their entirety.
Technical Field
The invention relates to a system and method for access control management for multi-unit building design.
Background
There is a continuing need to manage access to the parties involved in the occupancy and operation of multi-unit buildings. Access management may have a significant impact on, for example, overall security, legal liability, and personal comfort. Security of multi-unit buildings is an important and complex problem, particularly the management of keys that can grant access to building units and public spaces. Each individual unit in a building may have different access control requirements, and an occupant or other individual associated with the operation and maintenance of these buildings may periodically need to access different facilities within the building to perform a particular function, such as package delivery or cleaning.
Over time, various systems have emerged to help manage these types of environments. Prior art physical key management systems, while effective when operating correctly, can be expensive and inconvenient for most users. For example, installation costs and the costs and time associated with training employees on the system can be high. Furthermore, the high ongoing costs associated with maintenance and poor compliance with system policies may render these systems ineffective.
Other prior art systems provide digital access control management through Radio Frequency Identification (RFID) or other types of magnetic or electronic keys that are centrally controlled by a management interface. Such prior art systems allow door control and management from a central server, while a user can authenticate and gain access by using a "numeric keypad" and a "card reader" in the field. These systems require locally deployed management hardware, which creates a security risk. For example, a numeric keypad typically becomes unsecured when, for convenience, a numeric code is shared between an authorized party and an unauthorized party.
Using a biometric identifier for authentication purposes is an alternative to access control PIN codes or badges. However, it is difficult to manage the use of biometric locks in a multi-unit environment. For example, it can be complicated to collect biometric data (such as fingerprints) and store and program them into an access control system. Furthermore, the storage of biometric data can be costly for a typical building owner due to additional security requirements associated with the storage of sensitive biometric data. Furthermore, users may become uncomfortable when they are required to provide biometric data for authentication and storage.
Other prior art systems utilize a mobile phone or other mobile device as a physical identifier of a single owner building or a single unit. These systems allow the user's mobile phone to be used as an authentication identifier when interacting with the access control system through a network connection or a locally transmitted radio frequency connection. Systems utilizing mobile devices typically require a persistent internet connection to operate, which may be suitable for a single owner building. However, for multi-unit buildings, this can become quite problematic.
Bluetooth is another communication standard employed in some prior art systems for providing tracking suitable for following a user within a defined space using a Bluetooth-enabled device. However, in those systems, Bluetooth communication is only used to track the user to create a timeline of activities for the user through a silent and imperceptible handshake between the user's device and hardware installed within the geographic region. Other prior art systems utilize Bluetooth technology to distribute and manage keys, but they require centralized updating of the access control point with new information to update the new keys and users added to the system. Finally, other Bluetooth-enabled prior art systems use rotating authentication credentials that do not require updates from a central server; however, they have a safety risk.
Accordingly, there is a need for a secure access management system for a multi-unit building that can control interactions between occupants, visitors, service providers, and building owners that are not provided by prior art systems.
Disclosure of Invention
Systems and methods for secure access control management are provided that include an access control point, a mobile device, a local mesh network, and a unified credential system.
According to aspects of the invention, an exemplary access control management system may include a plurality of access control devices, each access control device including a wireless transceiver and a wireless transmitter. Each access control device may communicate with the mobile device when the mobile device is within range of the access control device and control the locking mechanism in response to wireless signals received from the mobile device. Access control devices and mobile devices within range of any access control device in the system may form a local mesh network. In the local mesh network, an access control device may communicate with mobile devices and other access control devices in the system. The mobile device may store credentials that may control access to the one or more access control devices and may unlock a locking mechanism controlled by the one or more access control devices. According to aspects of the invention, mobile devices of other approved users may receive credentials that may also grant permission to unlock a locking mechanism controlled by one or more access control devices. The mobile device may also store system updates and may be configured to communicate the system updates to the in-range access control devices via wireless signals. The access control device may communicate the received system update to other access control devices within range via the local mesh network.
According to an alternative embodiment of the present invention, an exemplary method for access control management may include providing a plurality of access control devices each including a wireless transceiver and a wireless transmitter, each access control device capable of communicating with a mobile device and capable of controlling a locking mechanism in response to a wireless signal received from the mobile device when the mobile device is within range of the access control device. The method may further comprise: a local mesh network is formed in the system by coupling access control devices within range of each other and mobile devices within range of any access control device. The method may further comprise: credentials are stored by the mobile device, which may control access to the one or more access control devices and unlock a locking mechanism controlled by the one or more access control devices in response to a wireless signal transmitted by the mobile device. The method may also include providing credentials to mobile devices of other approved users to be granted permission to unlock a locking mechanism controlled by the one or more access control devices. The method may also include storing, by the mobile device, the system update and transmitting the system update to an access control device within range of the mobile device via a wireless signal. The method may also communicate, by the access control device, the received system update to other access control devices within range via the local mesh network.
According to an alternative embodiment of the present invention, a mobile device for providing access control management may be configured to communicate with a plurality of access control devices each including a wireless transceiver and a wireless transmitter when the mobile device is within range of the access control device. The mobile device may also be configured to control a locking mechanism in one or more access control devices within range by wireless signals transmitted from the mobile device. The mobile devices may also be configured to log into a local mesh network of access control devices that are within range of each other as well as within range of other mobile devices. The mobile device may also be configured to store credentials that may control access to the one or more access control devices and unlock a locking mechanism controlled by the one or more access control devices. The mobile device may also be configured to provide credentials to mobile devices of other approved users to be granted permission to unlock a locking mechanism controlled by the one or more access control devices. The mobile device may also be configured to store and communicate system updates to access control devices within range of the mobile device via wireless signals.
Drawings
FIG. 1A illustrates an exemplary access control management system according to an embodiment of the present invention.
FIG. 1B illustrates an exemplary system architecture for an access control management system, according to an embodiment of the invention.
Fig. 2 illustrates an exemplary access control device according to an embodiment of the present invention.
Figure 3 illustrates an exemplary method for providing guest access to a multi-unit building in accordance with an embodiment of the present invention.
Fig. 4 illustrates an exemplary method for setting a security level for access control management according to an embodiment of the present invention.
FIG. 5 illustrates an exemplary method for providing access to a multi-unit building, according to an embodiment of the invention.
FIG. 6 illustrates an exemplary method for updating components of an access control management system according to an embodiment of the present invention.
Fig. 7 illustrates an exemplary device communication encryption flow in accordance with an embodiment of the present invention.
FIG. 8 illustrates an exemplary method for tracking information utilized by a building in accordance with an embodiment of the present invention.
FIG. 9 sets forth an exemplary method for configuring an access control management system according to embodiments of the present invention.
Figs. 10-12 illustrate exemplary screenshots of an application running on a mobile device for providing access control management according to embodiments of the present invention.
Fig. 13A-13C illustrate an exemplary access control management system according to an embodiment of the present invention.
FIG. 14 illustrates an exemplary method for providing access to a region according to an embodiment of the invention.
Figs. 15A-15B illustrate an exemplary access control management system according to an embodiment of the present invention.
Fig. 16-17 illustrate exemplary access control management systems according to embodiments of the present invention.
FIG. 18 sets forth an exemplary method for managing access to regions according to embodiments of the present invention.
FIG. 19 illustrates an exemplary access and awareness control method, according to an embodiment of the present invention.
Detailed Description
According to an embodiment of the present invention, a method and system for access control management for multi-unit building designs is provided. An exemplary system may replace a physical key management system with a mobile device, a local mesh network, installed access control hardware, a communication standard, and a credential layer. In addition, the disclosed system may eliminate the need for physical keys or access cards and renewal keys faced by many operators in the multi-unit real estate management industry.
FIG. 1A illustrates an exemplary access control management system. Specifically, the system 100 may include: one or more access control devices (102, 104, and 106), at least one mobile device 108 configured to communicate with the access control devices via a wireless communication protocol 110, and a local mesh network constructed by the access control devices (102, 104, and 106) and the mobile device 108. The access control device may communicate with other access control devices within range, for example, via a wireless communication protocol 112, which wireless communication protocol 112 may be of the same type as the wireless communication protocol 110. One of ordinary skill will appreciate that the local mesh network may be a dynamic network in which mobile devices become part of the network as they come within range of an access control device and leave the network as they move out of range of all access control devices in the network. The access control devices (102, 104, and 106) may be off-the-shelf, custom-made, or retrofit hardware devices (e.g., wireless sensors added to existing hardware or tethered to an accessory of an existing mechanical lock) that may be installed in various access points in a multi-unit building, including, but not limited to: building access doors, auxiliary service doors, public room area doors, gym doors, individual unit doors, doors within units, and other related access points. The mobile device 108 may comprise a smart phone, tablet, or other customized wireless communication enabled device that may communicate with the access control devices (102, 104, and 106) over a wireless local communication protocol 110, such as Bluetooth, Z-Wave, ZigBee, Thread, or other Radio Frequency (RF) communication network. The mobile device 108 may also store user credentials that may be paired with the user mobile device 108.
According to embodiments of the present invention, the local mesh network may connect the access control device with the mobile device to activate various functions as described in detail below. According to aspects of the invention, the credential may be a digital file of encrypted lines of code. When the credentials are paired with the user's mobile device, the credentials may provide authentication and authorized access to the user. For example, the access control device 102 can grant access to a unit that can be owned or leased by a tenant that carries the mobile device 108 and stores appropriate credentials. When a user approaches their unit, the access control device 102 and the user mobile device 108 may communicate wirelessly to grant the user access to the unit, such as unlocking a door. Further, a single credential may grant a user access to all buildings and institutions that implement the disclosed system. For example, a user may use credentials stored in their mobile device to access their office, their gym, their private club, or any area where an access control device has been installed that can control access to a secure area. Users can conveniently manage all of their visits, visitors, and service provider offerings through the same interface (e.g., a website or app running on their mobile phone).
An exemplary system architecture, according to an aspect of the present invention, is shown in FIG. 1B. Fig. 1B shows a server 152 in communication with a database 154 and also in communication with a building manager device 156, a user mobile device 158, a guest mobile device 160, and a service provider device 162. Server 152 may generate and manage credentials that may be stored in database 154. A building manager using a device 156 (e.g., a computer, tablet, or cellular phone) may request generation of credentials for a user (e.g., a new building tenant) from the server 152 according to user-specific access specifications. Upon requesting credential generation, the building manager can specify access specifications for a particular user, e.g., grant access to a user unit, grant access to a building gym, etc. The building manager may modify the access specification at any time, for example, when the user gym membership has expired, the building manager may request new credentials for the user from server 152 through an interface running on building manager device 156. The user may receive credentials from the server 152 and may store the credentials in the mobile device 158. The server may allow different rights to the user, according to the regulations specified by the building manager. For example, the server may enable a user to grant access to their building to their visitors. The user may use an application running on the mobile device 158 to request from the server 152 to generate credentials for their visitor with the mobile device 160. For example, a user may send an invitation to a guest for an event occurring in their building using an access control management app. According to aspects of the invention, credentials may be requested automatically. Once the server 152 generates the credential, it may send it to the guest mobile device 160. 
The guest mobile device 160 and the generated credentials will be paired and authentication of the guest may be provided. The visitor can then use their mobile device 160 to access the building and unit. The user may also use an application running on the mobile device 158 to request from the server 152 to generate credentials for the service provider with the mobile device 162. The service provider mobile device 162 and the generated credentials will be paired and may provide authentication of the service provider.
One of ordinary skill will appreciate that the disclosed systems and methods are implemented using mobile devices and more particularly through the specific characteristics of the mobile devices and how people interact with their mobile devices. For example, people carry mobile devices with them at all times. Mobile devices are on most of the time and can communicate passively with sensors in their environment without active involvement of the user. In addition, mobile devices have a wide variety of radio frequency communication capabilities through built-in hardware, making them ideal for communicating over different types of communication standards. The mobile device may install and run applications or apps that enable functionality not available through a web browser running on the computer (e.g., by utilizing device-specific hardware attributes such as radio, camera, and secure biometric sensors). Further, the mobile device may be automatically updated in the background to provide updated security keys, instructions, and permissions without active user involvement.
According to embodiments of the present invention, a local mesh network eliminates the need for a persistent internet connection. As mentioned above, other prior art methods require that the access control device is always connected to the internet. Instead, the disclosed system may link an access control device with a mobile device through the local mesh network. The mobile device may provide a bridge to the internet for the entire mesh network. This allows the access control system to be operated at a lower cost and with minimal power requirements, for example, compared to systems that require a persistent internet connection to operate and update the access control device. In the described system, the access control devices may be connected to each other and the system may utilize a handshake performed between the user device and the access control device to communicate any system updates to the access control device. The user device typically has an internet connection and sufficient capacity to utilize the installed access control hardware to passively pass system update packets through the required handshaking process. Thus, there is no additional requirement for a persistent internet connection installation for the access control device.
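The update path described above, with a phone acting as an untrusted courier and locks relaying to their neighbours, can be sketched as follows. This is an added example, not code from the patent: the packet format, the `UPDATE_KEY` shared secret, the device names and the `revoked` field are assumptions, and an HMAC stands in for the asymmetric signature a deployment would normally use so that locks hold no signing secret.

```python
import hashlib
import hmac
import json
from collections import deque

# Assumption: one update-authentication key provisioned into every lock at install.
UPDATE_KEY = b"constructed-demo-update-key"


def sign_update(version: int, body: dict) -> dict:
    """Server side: package a system update so that locks can authenticate it."""
    payload = json.dumps({"version": version, "body": body}, sort_keys=True).encode()
    tag = hmac.new(UPDATE_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class AccessControlDevice:
    """A lock with no internet link; it only hears phones and nearby locks."""

    def __init__(self, name: str):
        self.name = name
        self.version = 0       # version of the last update applied
        self.config = {}
        self.neighbours = []   # other access control devices within radio range

    def accept(self, packet: dict) -> bool:
        """Apply the update only if it is authentic and newer than what we have."""
        expected = hmac.new(UPDATE_KEY, packet["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["tag"]):
            return False       # courier or relay altered the packet
        update = json.loads(packet["payload"])
        if update["version"] <= self.version:
            return False       # replay or rollback attempt, or already applied
        self.version, self.config = update["version"], update["body"]
        return True


def deliver(first_hop: AccessControlDevice, packet: dict) -> list:
    """Phone hands the packet to one lock during the handshake; each lock that
    accepts it relays to its neighbours. Returns the names updated, in order."""
    updated, queue = [], deque([first_hop])
    while queue:
        device = queue.popleft()
        if device.accept(packet):      # rejecting known versions ends the flood
            updated.append(device.name)
            queue.extend(device.neighbours)
    return updated


def build_mesh() -> dict:
    """Constructed topology: lobby <-> gym <-> unit, garage out of range of all."""
    mesh = {n: AccessControlDevice(n) for n in ("lobby", "gym", "unit", "garage")}
    for a, b in (("lobby", "gym"), ("gym", "unit")):
        mesh[a].neighbours.append(mesh[b])
        mesh[b].neighbours.append(mesh[a])
    return mesh


if __name__ == "__main__":
    mesh = build_mesh()
    packet = sign_update(2, {"revoked": ["guest-41"]})   # constructed update body
    print("updated via lobby:", deliver(mesh["lobby"], packet))
    print("garage still at version", mesh["garage"].version)
```

The garage lock in this topology stays on the old version until some phone carrying the packet comes within its range, which is the window during which a revoked credential would still be honoured there.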
An exemplary access control device is shown in fig. 2. In particular, the access control device 200 may include a wireless communication module 202 configured to communicate with user mobile devices and other access control devices in its vicinity via a wireless transmitter and a wireless receiver. The communication from the user device may involve granting the user of the mobile device access to a particular area or unit. Additionally, communications from the user device and other access control devices may also involve system updates. The access control device 200 may also include a long life battery 204 and a handle 206 to move a latch 208 and unlock a channel lock, e.g., door, deadbolt or other locking mechanism to a user's unit. The access control device 200 may also include a digital display 210 to provide information to the user. Those skilled in the art will appreciate that the access control device of fig. 2 is for illustration purposes only, and that other types of access control devices may be used.
According to aspects of the invention, each access control device may have a unique Identification (ID) that can identify them in the system. For example, the access control ID may be based on the MAC address of the access control device radio. Server 152 may maintain a table of encryption keys that may be indexed by access control device IDs. Each credential associated with an access control device ID may be configured into an appropriate lock during installation. When access to the lock is requested, the appropriate credentials are securely transferred to the application running on the mobile device, for example using a secure transport such as SSL/TLS, and may be stored in the mobile device. The credential may be used to generate an authenticated unlock request, for example, using an unlock protocol. When a user requests credentials from a server, for example, for a guest or service provider, the server may determine the appropriate credentials to send to the guest or service provider. The server determines the appropriate credentials based on the authenticated user that is requesting the credentials. For example, the user may be authenticated in the system by user account authentication, e.g., by providing user details when setting up an account with the system.
According to embodiments of the present invention, the disclosed access control device may have a key, e.g., authentication information, installed in advance. These pre-installed keys may be pre-installed at the access control device from the factory, may be stored in the access control device during installation, or may be updated periodically or occasionally. These keys may also be mirrored in the server, which may generate credentials for the user or guest. This may enable the use of an access control system even when the access control device is intermittently connected or not connected to the internet or a local area network. Based on the key stored in the access control device, the mirrored key on the server may generate appropriate credentials that may grant access to the area controlled by the access control device.
According to embodiments of the present invention, the systems and methods described herein eliminate the need for physical key management. For example, the system enables a building manager to create account holders within a given multi-unit building without regard to the issuance of physical keys. Once the user-tenant has an account, they are responsible for managing their own keys, whether in the form of a mobile device or a third party device of provisioned radio frequency enabled hardware. Thus, the building manager may not be burdened with, for example, guest access management, as the disclosed system may enable the user-tenant to be responsible for all aspects of guest access management.
This is shown generally at 300 in fig. 3. When a visitor to a unit owner/tenant in a multi-unit building arrives at the building, he may request access to the unit (step 302). The guest and owner may then enter a transaction, for example, through a mobile device application or app (step 304). As an illustrative example, an access request from a guest may appear as a notification from an app running on the user's mobile device. The owner may then determine whether to grant access to the guest (steps 308 and 310). If the owner decides to grant access to the guest, the owner may optionally specify a time period for which the guest will access the unit (step 312). The visitor then receives the necessary credentials for the building (step 314), which will authorize the visitor's mobile device to provide access to the building and all necessary access points up to the user's unit (step 316). When the guest mobile device moves into the vicinity of the user unit's access notification point (step 318), the access control point sensor may detect the guest device (step 320), which will allow the guest access to the unit (step 322). Since the user may receive notifications and grant access to the guest through an application running on the mobile device, the user may grant access to the guest from anywhere without the user being present in the unit. The skilled person will appreciate that the visitor may be granted access even before the visitor arrives at the building, and that access may be granted automatically (e.g. in the case of authorized delivery or repair).
In addition to providing access to the units, users may also provide access credentials to their visitors with appropriate restrictions, allowing them to describe with time limits and other restrictive features which facilities the visitor may access throughout the building. This can improve the user experience of both the person occupying the building and the person accessing the building, creating value for the building manager.
According to embodiments of the present invention, the system may be referenced and managed through a dedicated and secure portal to a server on any number of devices, including computers, mobile devices, and other interfaces. For example, building managers and users with appropriate privileges may provide, delete or modify privileges and access rights to guests and service providers through web pages or applications securely connected to the server.
As mentioned above, some PIN-based prior art systems face security challenges because the digital code can be easily shared between authorized and unauthorized parties. While it would still be possible for users to share their mobile devices with guests for authentication purposes, the essential and multipurpose nature of mobile devices would provide a limiting element for this type of behavior. Security is important to both operators and users in a multi-unit building, and the system described herein allows for a wide variety of security levels to be implemented, which may further enhance security beyond the advantages exhibited by simply using the user's mobile device for authentication. These security elements range from single level authentication (presence of the user's mobile device) to three levels of authentication activated by the presence of the user's mobile device, the use of a memory password (possibly entered on the user's mobile device), and a biometric scan (possibly provided by the user's mobile device). Administrators or individual users may activate this flexible security capability on a building wide basis while setting their own preferences and preferences for their visitors.
Fig. 4 shows such a hierarchical authentication system. In particular, fig. 4 illustrates an exemplary method 400 for setting a security level for access control management. For example, a user may access security preferences through an app running on a mobile device or web page (step 402). The user may then select a security level for a particular guest or service provider (step 404). As described above, the user may select a single level of authentication 406, which may require authentication 412 only by proximity. For example, a visitor with a mobile device that has received appropriate credentials may be granted access to the unit (414) when the mobile device and the access control device are within an appropriate distance.
Alternatively, the user may select two-level authentication 408, which may require authentication through proximity 416 and through entry of a PIN 418. For example, a visitor with a mobile device that has received appropriate credentials may be granted access to the unit (420) after the visitor enters a PIN, e.g., in a prompt on the mobile device, when the mobile device and the access control device are within an appropriate distance. The PIN may be provided to the guest by the user. According to aspects of the invention, the user may set a separate PIN for each guest, such that a particular guest mobile device is paired with a unique PIN to improve security. The access control device 200 may also include a digital display 210 to provide information to a user and input methods for communicating with the device.
Finally, the user may select three-level authentication 410, which may require authentication through proximity 422, through entry of a PIN 424, and through use of biometric identification. For example, a visitor with a mobile device that has received appropriate credentials may be granted access to the unit (428) after the visitor enters a PIN, such as in a prompt on the mobile device, and identifies himself, such as by using biometric recognition, on the mobile device when the mobile device and the access control device are at an appropriate distance.
According to embodiments of the present invention, access credentials may be easily extended to service personnel to perform routine functions when a user is away. The large waiting window, typically provided by a service provider (e.g., cable company technician), has been a major cause of user frustration. The disclosed system may reduce the time burden placed on consumers of these services. A user may request a service from a particular service provider, receive an approximate time window of the service to be performed, and thus provide access to that period of time without the user having to remain in their unit. This may be valuable to various service providers (e.g., housekeeping service providers, grocery delivery services, and other sensitive package delivery services). All of these service providers ideally have access to secure areas assigned to particular users for the purpose of performing their service functions, and the disclosed system can significantly increase the ease with which they will perform their services.
According to embodiments of the present invention, the system may include an Application Programming Interface (API) adapted to automatically provision access based on the associated purchase. Com, the API may automatically provide access to their building, their apartment, or even the appropriate room at checkout in order to deliver their perishable groceries directly to their refrigerator as part of the checkout process. The API may also have important applications in the hospitality management industry where users can securely access their rented rooms as well as hotel rooms (at checkout), e.g., via AirBNB or similar services, thereby eliminating the current hassle associated with key acquisition and exchange between the tenant and homeowner. The disclosed system may also provide real-time updates to all interested parties regarding the behavior of all visitors during the building's house hours.
Based on the above discussion, an exemplary method 500 for providing access to a multi-unit building is illustrated in FIG. 5. Specifically, the user may register a service to be performed (such as a cable service installation) with the service provider, for example, through the service access provider website (step 502). Additionally, the user may configure the service provider with specific instructions (step 504). The user may register delivery or other instructions with the service provider either directly in a proprietary application, or via an API relationship between the disclosed system and the service provider. The user may then schedule the service and may grant access to the provider via the digital voucher mechanism according to the scheduled time (step 506). For example, a user may use an application running on a mobile device to decide what types of credentials to provide and place appropriate constraints around the credentials. The types of credentials available may include bluetooth-based credentials, digital copies of physical keys (KeyMe), alphanumeric passwords, or even pre-programmed digital radio frequency credentials.
The disclosed system may then synchronize the digital credentials and instructions to the appropriate service provider mobile device (step 508). The service provider mobile device may then receive the appropriate instructions and credentials that will provide access to the user's unit (step 510). For example, the service provider may receive a password, a digital voucher downloaded to proprietary hardware (e.g., UPS handset), a digital voucher downloaded to a service-provided smartphone, a text message, or an email with instructions over the phone.
The user device may optionally receive a notification, such as a push notification, email, text or call, to notify them that the service provider device has received the appropriate credentials for the service provider (step 512). In addition, other suitably connected devices (e.g., access control devices for building entrances and subscriber units) may also receive appropriate instructions and credentials to allow service provisioning (step 514). The credentials may be matched through a set of pre-programmed parameters on the connected device or via a message from the network.
As described above, the user is not required to be present in the unit, so once the service offering is scheduled and the credentials and instructions have been distributed, the user can leave their location (step 516). The service provider may arrive at the location to provide the service and may access the entry into the user unit using credentials and instructions (step 518). Once the service provider device and the access control device are within the appropriate distance, credentials from the service provider device may authorize access to the service provider according to an action specified by the user (step 520). For example, the access control device may perform functions such as unlocking, locking, turning off a thermostat, turning on a video recording system, or activating additional sensors. The access control device may also notify the user of the service provider activity and activate other devices and services at the location in response to the activity (step 522). According to embodiments of the invention, the access control device may also ensure proper service provider behavior (step 524), for example, by monitoring. Abnormal or suspicious behavior may be reported to a user, law enforcement agency, or other service provider as appropriate.
The disclosed systems and methods may provide unique advantages to operators of multi-unit buildings, such as tenant activity tracking around various amenities, entry tracking for insurance and security purposes, access management for service and delivery personnel, behavioral tracking that may help assist operators in retaining or obtaining new tenants, secure communications, and local services (in natural disaster situations).
In particular, the disclosed system may provide building management with a real-time view of all visitors desiring access, as well as all visitors currently granted access, through the visitor logs and instructions of individual users. This is particularly important in multi-unit buildings, whereby the disclosed system can track which doors are visited by users and visitors to the users and which path they have taken within the building, in order to provide the highest degree of security to users and other visitors within the premises.
As described above, the access control device may almost permanently access the internet connection through a handshake with the user's mobile device. This may eliminate the need for the system to have a dedicated internet connection and create a connected system that can be isolated from service outages. The user devices in the system will likely be provided by hosts of different service providers, thus creating redundancy in the event that one service provider cannot provide access at any given time.
Even if the system can almost permanently access the internet, the disclosed systems and methods can robustly manage access even over long periods of time without internet connectivity. For example, a key or mobile device may be provided and sent to a guest or service provider without the need to update or notify the access control device. If for some reason the system does not access the network connection between the time of key provision and the time of arrival of the guest, the mobile device of the guest may actually provide an update packet to the access control device and the network while using its key in the field.
An exemplary method 600 for updating components of an access control management system is shown in fig. 6. Periodically, the system may provide the connected devices (e.g., access control devices) with available software updates (step 602) when these devices need or will benefit from software updates to improve or enhance their functionality. After the software update becomes available, the system may notify the user, guest, or service provider mobile device of the software update when they connect to the internet (step 604). The mobile device may download software updates for the connected devices (step 606) and may store the updates in their memory (step 608). The download and storage process may occur in the background and the user and service provider may perform their normal activities (step 610) without any special user action to update the device. When the mobile devices are within an appropriate distance from the access control device, they may determine whether the particular access control device requires a software update (step 612). In this case, the mobile device may send the stored software update to the access control device (step 614), and the access control device may receive the update (step 616). Once the access control device receives the update, it may transfer the software update to other access control devices in its vicinity that also need the update (step 618). In this manner, other connected devices may receive and install the required software updates (step 620).
According to an embodiment of the invention, this data transfer will take place in a completely transparent manner to the user, wherein the update package is embedded in the handshake required to enter the building or perform other functions. By this mechanism, update packets will be handled appropriately throughout the mesh network, with all access control and other system elements updated through the network connections provided by any user device interacting with any other part of the system.
Referring to fig. 1A, a user mobile device 108 may communicate with an access control device 102 for access control or other purposes. The access control device 102 may verify the handshake and receive a security update packet from the remote management server via the user's network connection with the same handshake. The access control device 102 may then communicate the update to the access control device 104 for distribution to another access control device 106 on the same mesh network. In this way, interaction with any device in the network may update the entire network. This functionality can be important for guest management, general operational efficiency, and to prevent any problems associated with missing or lost authentication devices. According to aspects of the invention, the mobile device and the access control device may be in a central/master mode or a peripheral/slave mode. A device in the central/master mode may send software updates to other devices in the peripheral/slave mode within range. Once a device in peripheral/slave mode receives a software update, it may switch to central/master mode. These devices can switch between central and peripheral modes as needed to receive and send updates.
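The relay described for method 600 and fig. 1A can be simulated as follows. This is an added example, not code from the patent or from any product: the `MeshDevice` class, the shared `UPDATE_KEY`, and the use of an HMAC tag to authenticate update packets are assumptions made for illustration, and the mobile device's hand-off at the door is represented by the call to `propagate`.

```python
import hashlib
import hmac
from collections import deque

# Assumption: every access control device holds this update-authentication key.
UPDATE_KEY = b"constructed-demo-update-key"


def _tag(version, payload, key):
    # The version is covered by the tag so it cannot be altered in transit.
    return hmac.new(key, version.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def make_update(version, payload, key=UPDATE_KEY):
    """Server side: package an update that devices can authenticate offline."""
    return {"version": version, "payload": payload, "tag": _tag(version, payload, key)}


class MeshDevice:
    """Hypothetical access control device that can receive and relay updates."""

    def __init__(self, name, version, key=UPDATE_KEY):
        self.name = name
        self.version = version
        self.mode = "peripheral"   # waiting to receive
        self.neighbors = []        # devices within radio range
        self._key = key

    def needs(self, update):
        # Step 612: only strictly newer versions are wanted, which also
        # rejects replayed or rolled-back packets.
        return update["version"] > self.version

    def receive(self, update):
        expected = _tag(update["version"], update["payload"], self._key)
        if not hmac.compare_digest(expected, update["tag"]):
            return False           # forged or corrupted packet
        if not self.needs(update):
            return False
        self.version = update["version"]
        self.mode = "central"      # switch role so the update can be relayed
        return True


def propagate(entry_device, update):
    """A mobile device hands the update to entry_device (steps 614-616);
    each updated device then relays it to its neighbors (step 618).
    Returns the names of the devices updated, in order."""
    updated = []
    if not entry_device.receive(update):
        return updated
    updated.append(entry_device.name)
    queue = deque([entry_device])
    while queue:
        sender = queue.popleft()
        for peer in sender.neighbors:
            if peer.needs(update) and peer.receive(update):
                updated.append(peer.name)
                queue.append(peer)
        sender.mode = "peripheral"  # relaying done; ready for later updates
    return updated


def build_fig_1a_mesh():
    """Chain topology from fig. 1A: 102 <-> 104 <-> 106, all at version 1."""
    d102, d104, d106 = (MeshDevice(n, 1) for n in ("102", "104", "106"))
    d102.neighbors = [d104]
    d104.neighbors = [d102, d106]
    d106.neighbors = [d104]
    return d102, d104, d106


if __name__ == "__main__":
    d102, d104, d106 = build_fig_1a_mesh()
    print(propagate(d102, make_update(2, b"constructed update payload")))
```
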
The disclosed system can mitigate the negative impact of theft or misplacement of mobile devices or other authenticators on the operation of the system. If the authentication element is misplaced, the user may report the event to the central server, for example, through an internet interface, a cellular interface, or on-the-fly. Once the central server receives the report, it can push system updates to the affected network to modify or delete the access credentials provided to the misplaced or stolen device. This update may be sent via the methods described above.
According to embodiments of the present invention, the system allows for encrypted communication between system devices. Fig. 7 illustrates an exemplary device communication encryption flow for a device that may be connected or disconnected from a mesh network. The connected or disconnected device may be pre-programmed with an encryption key (step 702). For example, the access control device may be programmed with a security key at the factory or at setup, which may be updated as needed. The user or service provider mobile device may be programmed with the capability to relay encrypted data packets or other credentials (step 704). The user or service provider may download an application that may be pre-programmed or updated with appropriate credentials. The user or service provider mobile device may then receive credentials (e.g., encrypted data packets and instruction sets) from a server (e.g., server 152) or other device to grant certain privileges and to represent certain access constraints (step 706). For example, the downloaded application may be updated via the invitation to interact with other devices, and may receive different capabilities based on preferences of users sharing the invitation. After the mobile device receives the encrypted data packet, it may store the encrypted data packet for later use (step 708) (e.g., when the mobile device is in contact with an associated connected device). A user or service provider device may sense a nearby connected or disconnected device (step 710) and provide encrypted data packets or instructions (step 712). The device may then process the encrypted data packet and may perform the required functions without having to connect to a network to obtain additional information (step 714).
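The following sketch ties together the mirrored key table described earlier and the offline processing in step 714 of fig. 7. It is an added example, not the patent's own protocol: the packet layout, the function and class names, and the constructed keys are assumptions, and an HMAC tag is used here to authenticate the credential rather than the encryption the text mentions.

```python
import hashlib
import hmac
import json

FRONT_DOOR = "AA:BB:CC:00:00:01"   # constructed device IDs (MAC-style)
GYM = "AA:BB:CC:00:00:02"

# Constructed sample data: the server's key table, indexed by device ID.
# The same key is assumed to be installed in the matching lock.
SERVER_KEY_TABLE = {
    FRONT_DOOR: b"constructed-key-for-front-door",
    GYM: b"constructed-key-for-gym",
}


def issue_credential(device_id, guest_id, not_before, not_after,
                     key_table=SERVER_KEY_TABLE):
    """Server side: time-limited credential bound to one lock and one guest."""
    claims = {"dev": device_id, "sub": guest_id, "nbf": not_before, "exp": not_after}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key_table[device_id], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Lock:
    """Hypothetical access control device that decides without a network lookup."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key
        self.revoked = set()   # guest IDs removed by a pushed system update

    def verify(self, credential, now):
        try:
            body = credential["body"].encode()
            tag = bytes.fromhex(credential["tag"])
        except (KeyError, AttributeError, TypeError, ValueError):
            return False, "malformed"
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        claims = json.loads(body)
        if claims["dev"] != self.device_id:
            return False, "wrong device"
        if not claims["nbf"] <= now <= claims["exp"]:
            return False, "outside time window"
        if claims["sub"] in self.revoked:
            return False, "revoked"
        return True, "ok"


if __name__ == "__main__":
    lock = Lock(FRONT_DOOR, SERVER_KEY_TABLE[FRONT_DOOR])
    cred = issue_credential(FRONT_DOOR, "guest-42", 1000, 2000)
    print(lock.verify(cred, 1500))
```

The `revoked` set stands in for the credential deletion pushed after a device is reported lost or stolen; times are plain integers so the check does not depend on the lock having network time.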
The disclosed system may also track amenity and facility utilization across multi-unit buildings. Building managers can spend a large portion of their budgets on amenities in order to retain users. The disclosed system can quantify amenity usage across an entire building, building complex, or entire real estate layout through handshake tracking between user devices and local systems. By locating the access control devices and other sensors within the larger envisioned system architecture, a complete record of building utilization can be generated. This information may be used to determine, for example, how many users in a particular building utilize the on-site fitness facility for purposes of assessing the relative value of the service or other purposes that may be useful. Building managers may find this desirable in determining how to retain current users or attract new users, manage amenities, and spend their resources.
Complete recording of building utilization can be facilitated through background handshaking using installed hardware throughout the building, with user activities remaining completely uninterrupted by these background processes. By creating this record, the system can detect whether the credential is being used in a suspicious manner. For example, the system may detect that a particular user arrives and stays at their unit, and then use that information to mark the attempted use of the user's credentials at one of the other access points of the building. If it is determined that this is suspicious, the system may alert the building manager. By directly binding access to user locations within a multi-unit building, the system can overcome security risks created by other systems that rely on untraceable or unassociated access credentials. By binding the authentication to the user's mobile device, it will become less likely that the user will share their access privileges through any other means than those specified by the building management system. The tight connection between the user and the authentication device creates a better audit trail for the building manager.
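The check described above, a credential used at one access point while the same user's device is being sensed somewhere else, can be run over handshake logs as in the added example below. The log format, field names, and the 90-second travel threshold are constructed for illustration and are not part of the disclosed system.

```python
from datetime import datetime, timedelta

# Constructed sample log: passive "presence" handshakes and "unlock" requests.
SAMPLE_LOG = """\
2024-05-01T18:00:00 presence user=alice point=unit-4B
2024-05-01T18:05:00 presence user=alice point=unit-4B
2024-05-01T18:05:30 unlock user=alice point=garage
2024-05-01T18:06:00 presence user=alice point=unit-4B
2024-05-01T18:20:00 presence user=bob point=unit-2A
2024-05-01T18:30:00 unlock user=bob point=gym
2024-05-01T18:30:05 presence user=bob point=gym
this line is malformed and is skipped
""".splitlines()


def parse_event(line):
    """Return (time, kind, user, point), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("presence", "unlock"):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.partition("=")[::2] for p in parts[2:])
    if "user" not in fields or "point" not in fields:
        return None
    return when, parts[1], fields["user"], fields["point"]


def find_conflicting_use(lines, min_travel=timedelta(seconds=90)):
    """Flag unlock requests made while the user's device was sensed at a
    different access point within min_travel before or after the request."""
    events = [e for e in map(parse_event, lines) if e]

    # Index passive sightings per user.
    presence = {}
    for when, kind, user, point in events:
        if kind == "presence":
            presence.setdefault(user, []).append((when, point))

    alerts = []
    for when, kind, user, point in events:
        if kind != "unlock":
            continue
        elsewhere = sorted({
            p for t, p in presence.get(user, [])
            if p != point and abs(t - when) <= min_travel
        })
        if elsewhere:
            alerts.append({
                "user": user,
                "used_at": point,
                "time": when.isoformat(),
                "device_seen_at": elsewhere,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_use(SAMPLE_LOG):
        print(alert)
```

Looking at sightings on both sides of the unlock keeps a tenant who simply walks from their unit to the gym from being flagged, since their device stops being sensed at the unit.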
Tracking information of building utilization may also provide significant benefits to users of the building, as they will be able to view utilization data in real time to make decisions about when to use certain amenities. For example, a user may use their mobile device to access information from the local mesh network regarding how many people are using the on-site laundry facility at that given time. This may enable users to improve their amenity utilization experience by timing them so that they avoid latency and other problems associated with overuse of certain resources at certain times.
An exemplary method 800 of tracking information utilized by a building is illustrated in FIG. 8. The user may perform their regular activities in the building while carrying their mobile device, e.g., visiting a rest area, a terrace, a gym, a laundry room (step 802). Access control devices located throughout the building may track the active and passive activities of users within the building (step 804). For example, the active activity may be accessing a laundry room. Passive activities may include, for example, the presence of five tenants in a keep-alive area of a building, ten tenants on a rooftop platform of a building, or three tenants in a lobby of a building, which may be identified by a unique signature of their cell phone. The system may generate active and passive activity logs and may transmit the logs to a server, for example, via a mobile device of the user (step 806). The activity log may be analyzed, suitably anonymized, and made available to building managers and users (step 808). For example, the user may see an activity log on their mobile device (step 810). Based on this information, they can make an appropriate decision, for example, to avoid waiting times at busy locations in the building (step 812). Additionally, user behavior may be provided to building management to improve building operation (step 814).
Building management may change the amenities based on the analyzed data (step 816). Further, this information may be utilized when designing a new building and/or proposing a retrofit to an existing building (step 818).
According to embodiments of the present invention, users may also set smart triggers to notify them about building events or to notify them about the user's visitor's behavior in the building. For example, the notification may be provided when the visitor enters the front door of the building, arrives at a separate unit door, or when they access other facilities within the building. These smart triggers may be activated within the envisioned platform or may be activated by merging with other services, such as the "If This Then That" (IFTTT) protocol.
While many of these events, associated triggers, and actions may help users perform more efficiently or improve their quality of life, this type of system also provides security advantages in building-wide notifications. The disclosed system may provide key functionality over a partially meshed network by pushing updates to users' devices over the building's network in the event of a network service disruption, natural disaster, or other catastrophic event. The disclosed system may also track the location of building occupants in real time for rescue purposes in the event of a natural disaster. By activating the mesh network capability of the in-building access control devices and user devices, the local network can potentially search for and locate building occupants by looking up their radio frequency identifiers. This capability may allow rescue workers and building managers to determine whether individuals remain in a particular building and come into contact with them through their equipment.
The local network communication capabilities of the system can also be utilized to provide communication between tenants in the building without requiring a persistent network connection. This may provide many capabilities for building operators or users, such as local social networking, advertising, and promotional communications. For example, a user may receive a message from another user via a local network, allowing both parties to know that the other party is co-located within a house. Such localized networks can extend the functionality of existing networks and create new functionality over time.
Those skilled in the art will appreciate that the disclosed system may be installed in existing buildings as well as new buildings. FIG. 9 illustrates an exemplary method for installing and configuring the disclosed system. An access control device is first installed at one or more locations of a building (step 902) and registered with a central server (step 904). The central server may then assign ownership and credentials to the access control device based on instructions from the building manager, for example, through a user interface (step 906). The building manager may then assign the user as the owner of the access control device (step 908). The user may delegate credentials and instructions to their mobile device as well as other user and service provider devices (step 910). As described above, the credentials and instructions may be sent to the guest or service provider mobile device via some digital transmission (step 912), and the mobile device may download and store the credentials for future use.
Fig. 10-12 illustrate exemplary screen shots of an application running on a mobile device for providing access control management, in accordance with an embodiment of the present invention. In particular, FIG. 10 illustrates exemplary screen shots 1002 and 1004 that may provide tracking information to a user of a mobile device. For example, screenshot 1002 provides access information 1008 when, for example, a user accesses an access control device. In a particular example, the application may provide information related to a "front door," "gym," and "garage" access control point 1006. The screenshot 1004 provides specific access information 1012 only relevant to the "front door" access control point.
Fig. 11 shows exemplary screen shots 1102 and 1104 that may provide information to a user of a mobile device regarding a scheduled event 1106. For example, screenshot 1102 may provide instructions 1108 regarding the date of the meeting, the access control devices that need to be accessed for the event, and the people invited to the event. Screenshot 1104 provides a list of events associated with the user of the mobile device 1110 and a list of invited guests.
FIG. 12 illustrates an exemplary screenshot for authorizing access by a user to a guest. Screenshot 1200 is a screenshot of an application running on a user's mobile device. The user may select a particular guest 1206 and may specify particular access control devices and associated time windows 1208 using the app to grant the guest access to those access control devices. The application may request from the server to generate the appropriate credentials for the guest, and the server may send the credentials to the mobile device of the guest.
Fig. 13A-13C illustrate an exemplary system 1300 for voice-based authentication according to embodiments of the invention. In particular, fig. 13A shows a user 1302 holding a mobile device 1306 approaching a door 1304. The door 1304 may be locked and/or unlocked by access control device 1308. Access control device 1308 may include a microphone 1310 and a speaker 1312. When the user 1302 approaches the access control device 1308, as shown in fig. 13B, the access control device 1308 may sense the mobile device 1306, and in response, may generate a password that may be used to unlock the door 1304 if the mobile device has credentials that provide privileges to the area protected by the door 1304. For example, the access control device 1308 may generate a random number password or a language password. Once the password is generated, the access control device 1308 may push the password to the mobile device 1306. Mobile device 1306 may receive the password and may show it in an application running on mobile device 1306. The mobile device 1306 may also provide instructions to the user 1302 for unlocking the door 1304. For example, the mobile device 1306 may determine the particular type of password, e.g., a language password or a numeric password, received from the access control device 1308 and may instruct the user 1302 as appropriate. As shown in fig. 13B, the application running on mobile device 1306 instructs the user to "unlock by saying COUNTY 17603" 1314. User 1302 may then speak a password (COUNTY17603), and access control device 1308 may receive verbal input from user 1302, e.g., from microphone 1310, may process it, and determine whether it corresponds to the password it pushed to mobile device 1306. If the received language input corresponds to the generated password (1316), access control device 1308 may unlock door 1304.
For example, when user 1302 provides a correct password (1316) or an incorrect password, the access control device may provide an audio instruction or appropriate message to user 1302, e.g., through speaker 1312. According to an alternative embodiment, if the generated password is a numeric password, an application running on mobile device 1306 may provide a numeric keypad where user 1302 may enter the password. Once the numeric password has been entered, the mobile device 1306 may transmit a signal to the access control device 1308, which in turn may determine whether the received signal corresponds to the correct password. According to an alternative embodiment, if the generated password is a numeric password, user 1302 may enter the numeric password on access control device 1308.
According to an embodiment, if the access control device determines that the received language input does not correspond to a password, the access control device may notify the user to speak the password again. According to an alternative embodiment, if the access control device determines that the received language input does not correspond to a password, the access control device may notify the user to enter the password using the numeric keypad of the access control device.
As described above, when a user with valid credentials approaches a facility in which the access control device is installed, the access control device may authenticate the user. According to an embodiment, in addition to authorizing access, the access control device may capture and store access-related data, such as temperature, time, date, visual data, audio data, motion data, and battery status data. The data may be stored locally on the access control device and may be transmitted to the parties at a later time, e.g., a central system that may analyze the access patterns and statistics. Data may be transmitted to the central system using, for example, a wireless connection with a nearby mobile device that is authorized to passively or actively receive and transmit data from the access control device. Data transfer may also occur through a connection to another device in the vicinity of the access control device or through a direct network connection within the access control device.
FIG. 14 illustrates an exemplary method for providing access to a region according to an embodiment of the invention. For example, a user may approach a door with an access control device while carrying a mobile device that holds credentials that grant permission to an area behind the door 1402. When the user is within range of the access control device, the user may receive a notification including the access code 1404 from the access control device, for example, on a mobile device. After the user receives the access code, the user may speak the access code or may enter the access code according to instructions provided in notification 1406. The access control device may receive the access code 1408, may verify 1410 it, and may grant access to the area 1412 protected by the door in which it is installed. After the user enters the area, the access control device may protect the door 1414, for example, by locking the door.
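The passcode exchange described for FIG. 13A-13C and the FIG. 14 method, as an added Python example that is not code from the patent. The class and function names, the word list, the 60-second lifetime, the attempt caps, the constant-time comparison, and the choice that a keypad fallback keys in only the digits of a language password are all assumptions; the page does not specify them.

```python
import hmac
import re
import secrets
import time
from dataclasses import dataclass

WORDS = ("COUNTY", "HARBOR", "MAPLE", "SIGNAL")  # constructed word list (assumption)
TTL_SECONDS = 60       # assumption: how long a pushed passcode stays valid
MAX_SPOKEN_TRIES = 2   # assumption: spoken failures before the keypad prompt
MAX_TOTAL_TRIES = 4    # assumption: failures before the challenge is discarded
DIGIT_WORDS = {"ZERO": "0", "OH": "0", "ONE": "1", "TWO": "2", "THREE": "3",
               "FOUR": "4", "FIVE": "5", "SIX": "6", "SEVEN": "7",
               "EIGHT": "8", "NINE": "9"}


def normalize(text):
    """Canonical form of a transcript: 'county one seven 603' -> 'COUNTY17603'."""
    tokens = re.findall(r"[A-Z]+|\d+", text.upper())
    return "".join(DIGIT_WORDS.get(tok, tok) for tok in tokens)


def digits_only(text):
    """Keypad view of a passcode: only its digits can be keyed in."""
    return "".join(ch for ch in text if ch.isdigit())


@dataclass
class Challenge:
    code: str
    issued_at: float
    spoken_failures: int = 0
    total_failures: int = 0


class AccessControlDevice:
    def __init__(self, area, clock=time.monotonic):
        self.area = area
        self.clock = clock
        self.locked = True
        self.pending = {}  # mobile device id -> outstanding Challenge

    def sense(self, device_id, credential_areas, kind="verbal"):
        """Mobile device came into range. Returns the passcode to push to it,
        or None when its credentials do not cover this door's area."""
        if self.area not in credential_areas:
            return None
        number = f"{secrets.randbelow(100000):05d}"
        code = f"{secrets.choice(WORDS)} {number}" if kind == "verbal" else number
        self.pending[device_id] = Challenge(code, self.clock())
        return code

    def submit(self, device_id, value, channel):
        """channel is 'microphone' or 'keypad'.
        Returns 'unlocked', 'speak_again', 'use_keypad' or 'denied'."""
        ch = self.pending.get(device_id)
        if ch is None:
            return "denied"
        if self.clock() - ch.issued_at > TTL_SECONDS:
            del self.pending[device_id]
            return "denied"
        canon = normalize if channel == "microphone" else digits_only
        if hmac.compare_digest(canon(value).encode(), canon(ch.code).encode()):
            del self.pending[device_id]  # single use: a replayed code is denied
            self.locked = False
            return "unlocked"
        ch.total_failures += 1
        if ch.total_failures >= MAX_TOTAL_TRIES:
            del self.pending[device_id]
            return "denied"
        if channel == "microphone":
            ch.spoken_failures += 1
            if ch.spoken_failures < MAX_SPOKEN_TRIES:
                return "speak_again"  # notify the user to speak the password again
        return "use_keypad"           # notify the user to use the numeric keypad

    def secure(self):
        """Re-lock the door after the user has entered the area."""
        self.locked = True
```
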
According to embodiments, the disclosed methods and systems may provide valuable features in addition to capturing and storing access data. For example, personnel managing a facility are interested in monitoring the utilization of their facility and tracking the behavior of users and/or tenants of the facility. It is valuable to monitor the number of users or people that pass through a particular access point (e.g., a store or public area). Knowing how many people have passed a particular access point (either securely through valid credentials or through an unsecure process) is very helpful in evaluating the utilization of a space and the relative demand for that space. For example, a retailer may install the disclosed access control device and track the number of times per day that an access point is utilized as a data point related to sales volume, and for example, to predict longer term trends.
According to an embodiment, the access control device may determine how many times the access point is activated and how many people pass through it, e.g., by one or more sensors and various algorithms. For example, an access control device mounted on a door may be programmed to detect each time the door is opened or closed. It may also be programmed to detect when the door has opened and to detect the number of subsequent people that have entered through the door by detecting movement when the door is opened. Similarly, the disclosed access control device may detect when a door is open and a person is exiting through the door.
According to an embodiment, the disclosed access control device may detect the presence of other users and their mobile devices. For example, the access control device may have a persistent Bluetooth or other wireless communication protocol to broadcast or receive input from other mobile devices for marketing and other notification generation purposes. In particular, the access control device may track mobile devices within range, record interactions with the mobile devices, and store, communicate, and/or utilize this information.
The detection of a particular device may also be linked to other data sources to discover more information about the presence of the particular device and its user. According to an embodiment, an access control device may capture data related to a user's online or other remote interaction with a product or service and then associate that information with the physical proximity of the user's device when the user's device is within a space within range of the access control device. This may allow advertisers to link online or other remote interactions with specific accesses to specific locations, providing customized notifications to users based on previously collected data when they come into proximity, or other notifications after coming into proximity based on additional collected data.
All of the various ways and devices described to detect access and user awareness are valuable for tracking the way users and devices interact specifically with a specified space within a building. One example use case for such an access control device is for managing delivery to a particular space (e.g., a closet) at a building. The particular space may be monitored by an access control device that may regulate access and restrict access to only authorized users, where their activities are tracked, stored, and utilized for future use within the space.
Similarly, the access control device may monitor the utilization of particular spaces in the building for purposes of assessing the use of those areas. The usage data may be used to dynamically price access to particular areas based on demand for the space or the amenities within the space. By capturing and comparing this data, predictive models of space utilization can be created to optimize the operation and performance of the space, and also to influence the design of future buildings to take into account the appropriate resources in a given space to maximize the monetization and functional potential of the space. These functions may allow owners of such systems to quantify and measure the performance of various marketing campaigns and systems.
Fig. 15A and 15B illustrate an exemplary access control management system 1500 that may also provide "awareness" information, such as information about a person accessing or using a particular area. Technologies that provide awareness information may include cameras, proximity beacons, motion sensors, WiFi sensors, Infrared (IR) sensors, audio sensors, visual sensors, accelerometers, location sensors, and other sensors that may detect the presence of one or more persons. For example, fig. 15A shows one or more users 1502 entering an area protected by a door 1504. The door 1504 has an access control device 1506, which may communicate with the cloud service 1510, e.g., wirelessly. Access control device 1506 may detect the presence of one or more users 1502 and/or identify one or more users 1502, and may send information, e.g., information about the identified users, to cloud service 1510. The area protected by the door 1504 may be a retail store, which may have a counter with a computing device 1508, such as a computer, tablet, smart phone. Computing device 1508 can receive information from access control device 1506 through cloud service 1510 or directly (e.g., through a local area network), where both access control device 1506 and computing device 1508 are connected to the same network, or a peer-to-peer network (e.g., bluetooth). The computing device 1508 may use the received information to generate statistics 1512, such as, for example, a volume of people or an amount of revenue broken down by day, week, or other time period.
Fig. 16 and 17 illustrate exemplary access control management systems 1600 and 1700, respectively, which may also provide proximity-based notifications. For example, fig. 16 shows a door 1602 with an access control device 1604. Access control device 1604 may detect the presence of a different user, such as user 1606, walking in its vicinity. For example, the access control device 1604 may identify the mobile device 1608, e.g., by an installed credential in the mobile device, and may determine to send a notification 1610 to the mobile device, e.g., an advertisement, an announcement, or a reminder. For example, notification 1610 ("get free iced coffee when you buy cake at Bakehouse") may be displayed in a short message, email, or on a lock screen of the mobile device. For example, the access control device may identify a particular user and send a targeted notification by identifying the mobile device that the user is enrolled with (sensing the mobile device) or by identifying that the user has particular access credentials associated with their profile (e.g., the user has entered a particular area using particular credentials, such as credentials authorizing access to a public area or gym, for example, at a building). According to an embodiment, the access control device may, for example, be provided with a memory for storing the access control information
[two names shown as images in the original], etc., to sense the presence of a particular user mobile device. Upon identifying a particular mobile device, the access control device may respond, for example, with a notification on a screen of the access control device, a notification on a screen (such as an announcement screen) in communication with the access control device, a notification on a screen through the mobile device, through SMS, email, chat messages, and/or other types of communications.
According to embodiments, the disclosed systems and methods may provide targeted advertising notifications to users based on relevance to their particular interests (e.g., specified in a user profile), proximity, time of day (e.g., lunch offer notifications), time of year (e.g., holiday season), socioeconomic data, previous shopping history, previous internet browsing history, and user physical presence history, for example. The notification may relate to a non-targeted advertisement, such as a general advertisement for a building or another location.
Similarly, fig. 17 shows a door 1702 with an access control device 1704. The access control device 1704 may detect the presence of the user 1706. For example, the access control device 1704 may identify the mobile device 1708, e.g., via a credential installed in the mobile device, and may determine to send an alert 1710 to the mobile device, e.g., an alert related to maintenance in a building. For example, notification 1710 ("elevator 'a' out of service") may be displayed as a text message, email, or on a lock screen of the mobile device.
Fig. 18 illustrates an exemplary access control management system 1800. For example, door 1802 may provide access to a storage area 1810, e.g., a room for storing packages 1812, through access control device 1804. The user 1806 may be the administrator of the package delivery and may provide credentials to the delivery person 1808, for example, through the mobile device 1814. For example, delivery person 1808 may be scheduled to deliver or retrieve a package to/from storage area 1810 during a particular time window. The mobile device 1810 of the member of the delivery person 1808 may receive access credentials, such as a numeric password, which may be entered on a keypad of the access control device 1804.
Fig. 19 illustrates an exemplary method 1900 for access control and awareness using an access control device. For example, a user that is not granted credentials may approach an area controlled by an access control device (step 1902) or multiple access control devices. The access control device may detect the presence and/or motion of the user or user device (step 1904). Based on the captured information, the access control device may evaluate the number of users present in the area and the type or duration of their activities (step 1906). The access control device may optionally store the information locally (e.g., at a memory installed in the access control device) and may later send the stored information to the central system for the aggregation process (step 1908). The access control device may communicate the information to a central system. The central system may combine information received from one or more access control devices and may aggregate the data to generate statistical data (step 1910). For example, the system may compare the presence of the user (and its mobile device) to known users (and mobile devices) and may provide relevant data to the system (step 1912). Based on this data, the system may determine whether the user or device may be associated with a previously known ad impression or engagement target (step 1914). For example, the access control device may store historical information about the user and their mobile device. Alternatively, the mobile device may store information about the access control device and then respond when the mobile device detects a particular access control device. The system may then send relevant notifications to all interested parties regarding access and awareness at the particular location (step 1916). The interested parties may include, for example, service providers (such as [names shown as images in the original]), delivery services (such as [names shown as images in the original]), building management, security companies, insurance providers, and advertisers.
While the disclosed subject matter has been described and illustrated in the foregoing exemplary embodiments, it is understood that the present invention has been made by way of example only and that numerous changes in the details of implementation of the disclosed subject matter can be made without departing from the spirit and scope of the disclosed subject matter.

Claims (20)

1. A system for access control management, comprising:
a mesh network constructed from a plurality of access control devices installed in a building, each access control device configured to communicate with a first mobile device of a first user;
wherein the mesh network is configured to allow the first mobile device to join the mesh network when the first mobile device is within range of at least one access control device based on first credentials installed on the first mobile device;
wherein the first credentials are configured to enable the first mobile device to provide the first user with access to an area of the building by controlling the first set of access control devices based on the first credentials;
wherein the first credentials are configured to enable the first user to provide second credentials to a second mobile device of a second user; and
wherein the second mobile device is configured to provide the second user with access to the area of the building by controlling the second set of access control devices based on the second credentials.
2. The system of claim 1, wherein at least one of the plurality of access control devices comprises:
a sensor configured to detect a mobile device of a user within range of the access control device; and
a processor configured to:
in response to detecting the mobile device, generating a password for authenticating the mobile device;
sending the password to the mobile device;
receiving an input from a user; and
determining that the received input corresponds to the generated password;
wherein the access control device is configured to be installed on a door and unlock the door when the processor determines that the input corresponds to the generated passcode.
3. The system of claim 2, wherein the input from the user corresponds to one of a language input and an input of a numeric password.
4. The system of claim 3, wherein the access control device further comprises a microphone configured to receive the language input.
5. The system of claim 4, wherein the processor is further configured to:
determining that the received input does not correspond to the generated password; and
in response to determining that the received input does not correspond to the generated password, sending a notification to the user to provide another language input.
6. The system of claim 4, wherein the processor is further configured to:
determining that the received input does not correspond to the generated password; and
in response to determining that the received input does not correspond to the generated password, sending a notification to the user to enter the numeric password through a numeric keypad.
7. The system of claim 3, wherein the access control device further comprises a numeric keypad configured to receive input of the numeric password.
8. The system of claim 1, wherein at least one of the plurality of access control devices comprises:
a sensor configured to detect access to one or more users within range of the access control device; and
a processor configured to:
identifying the one or more users based on credentials stored in mobile devices of the one or more users; and
in response to detecting the one or more users, sending information about at least one of the detected users and the identified users to a cloud service.
9. The system of claim 8, wherein information about at least one of the detected users is used to generate statistics about users within range of the access control device.
10. The system of claim 1, wherein at least one of the plurality of access control devices comprises:
a sensor configured to detect a mobile device of a user within range of the access control device; and
a processor configured to:
identifying the user based on credentials stored in a mobile device of the user;
generating a notification in response to identifying the user; and
sending the notification to the mobile device.
11. A method for access control management, comprising:
providing a plurality of access control devices that construct a mesh network, each access control device configured to communicate with a first mobile device of a first user; and
enabling the first mobile device to join the mesh network when the first mobile device is within range of at least one access control device based on first credentials installed on the first mobile device;
wherein the first credentials are configured to enable the first mobile device to provide the first user with access to an area of a building by controlling the first set of access control devices based on the first credentials;
wherein the first credentials are configured to enable the first user to provide second credentials to a second mobile device of a second user;
wherein the second mobile device is configured to provide the second user with access to the area of the building by controlling the second set of access control devices based on the second credentials.
12. The method of claim 11, further comprising:
detecting a mobile device of a user within range of one of the plurality of access control devices;
generating a password for authenticating the mobile device in response to detecting the mobile device;
sending the password to the mobile device;
receiving an input from a user; and
determining that the received input corresponds to the generated password;
wherein the access control device is configured to be installed on a door and unlock the door when the input corresponds to the generated password.
13. The method of claim 12, wherein the input from the user corresponds to one of a language input and an input of a numeric password.
14. The method of claim 13, further comprising: receiving the language input through a microphone of the access control device.
15. The method of claim 14, further comprising:
determining that the received input does not correspond to the generated password; and
in response to determining that the received input does not correspond to the generated password, sending a notification to the user to provide another language input.
16. The method of claim 14, further comprising:
determining that the received input does not correspond to the generated password; and
in response to determining that the received input does not correspond to the generated password, sending a notification to the user to enter the numeric password through a numeric keypad.
17. The method of claim 13, wherein the access control device further comprises a numeric keypad configured to receive input of the numeric password.
18. The method of claim 11, further comprising:
detecting, by a sensor of one of the plurality of access control devices, one or more users within range of the access control device;
identifying the one or more users based on credentials stored in mobile devices of the one or more users; and
in response to detecting the one or more users, sending information about at least one of the detected users and the identified users to a cloud service.
19. The method of claim 18, further comprising: generating statistical data about users within range of the access control device based on information about at least one of the detected users.
20. The method of claim 11, further comprising:
detecting, by a sensor of one of the plurality of access control devices, a mobile device of a user within range of the access control device;
identifying the user based on credentials stored in a mobile device of the user;
generating a notification in response to identifying the user; and
sending the notification to the mobile device.
CN201780068142.3A 2016-09-06 2017-09-06 Method and system for access control and awareness management Active CN109923592B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111209368.5A CN113989959A (en) 2016-09-06 2017-09-06 Method and system for access control and awareness management

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/257,750 2016-09-06
US15/257,750 US9666000B1 (en) 2014-01-04 2016-09-06 Methods and systems for access control and awareness management
PCT/US2017/050353 WO2018048956A1 (en) 2016-09-06 2017-09-06 Methods and systems for access control and awareness management

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202111209368.5A Division CN113989959A (en) 2016-09-06 2017-09-06 Method and system for access control and awareness management

Publications (2)

Publication Number Publication Date
CN109923592A CN109923592A (en) 2019-06-21
CN109923592B true CN109923592B (en) 2021-11-05

Family

ID=61562343

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201780068142.3A Active CN109923592B (en) 2016-09-06 2017-09-06 Method and system for access control and awareness management
CN202111209368.5A Pending CN113989959A (en) 2016-09-06 2017-09-06 Method and system for access control and awareness management

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202111209368.5A Pending CN113989959A (en) 2016-09-06 2017-09-06 Method and system for access control and awareness management

Country Status (5)

Country Link
EP (1) EP3510566A4 (en)
JP (1) JP6970201B2 (en)
CN (2) CN109923592B (en)
AU (2) AU2017324945A1 (en)
WO (1) WO2018048956A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11935348B2 (en) 2018-07-24 2024-03-19 Validvoice, Llc System and method for biometric access control
US10977885B1 (en) * 2019-10-03 2021-04-13 GM Global Technology Operations LLC Method for digital key misbehavior and sybil attack detection through user profiling
US11328567B2 (en) * 2019-11-26 2022-05-10 Ncr Corporation Frictionless security processing
CN112685702A (en) * 2020-02-28 2021-04-20 乐清市川嘉电气科技有限公司 Intelligent dynamic authorization system for external visitors
US11676432B2 (en) 2020-03-17 2023-06-13 Sony Group Corporation Electronic device, an access control device, and related methods
EP4143795B1 (en) * 2020-04-29 2024-04-17 dormakaba Schweiz AG Security control module and system
EP4020420A1 (en) * 2020-12-24 2022-06-29 Nagravision Sàrl Wireless control with location of control device
US11821236B1 (en) 2021-07-16 2023-11-21 Apad Access, Inc. Systems, methods, and devices for electronic dynamic lock assembly
WO2023247061A1 (en) * 2022-06-20 2023-12-28 Assa Abloy Ab Changing the communication mode of an access control protocol

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012023153A1 (en) * 2010-08-20 2012-02-23 Eknath Ramkrishnamurti Puliadi A mobile phone operable electro-mechanical lock and a method thereof
CN202534028U (en) * 2012-03-21 2012-11-14 济南大学 Internet of things authorization identity (ID) and ID card confirmation-based networked access control system
CN103236102A (en) * 2013-05-02 2013-08-07 上海永天科技股份有限公司 Intelligent building energy management system based on technology of internet of things
CN203271342U (en) * 2013-04-02 2013-11-06 广州国保科技有限公司 Internet of Things coded lock
CN105225305A (en) * 2015-07-07 2016-01-06 江苏申辰通信技术有限公司 A kind of passive smart lock system and method for operating thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8542093B2 (en) * 2004-11-12 2013-09-24 Qmotion Incorporated Networked movable barrier operator system
US7701331B2 (en) * 2006-06-12 2010-04-20 Tran Bao Q Mesh network door lock
US20130335193A1 (en) * 2011-11-29 2013-12-19 1556053 Alberta Ltd. Electronic wireless lock
JP6155817B2 (en) * 2013-04-30 2017-07-05 株式会社リコー Authentication program, authentication device, and authentication system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012023153A1 (en) * 2010-08-20 2012-02-23 Eknath Ramkrishnamurti Puliadi A mobile phone operable electro-mechanical lock and a method thereof
CN202534028U (en) * 2012-03-21 2012-11-14 济南大学 Internet of things authorization identity (ID) and ID card confirmation-based networked access control system
CN203271342U (en) * 2013-04-02 2013-11-06 广州国保科技有限公司 Internet of Things coded lock
CN103236102A (en) * 2013-05-02 2013-08-07 上海永天科技股份有限公司 Intelligent building energy management system based on technology of internet of things
CN105225305A (en) * 2015-07-07 2016-01-06 江苏申辰通信技术有限公司 A kind of passive smart lock system and method for operating thereof

Also Published As

Publication number Publication date
AU2023210587A1 (en) 2023-08-24
JP6970201B2 (en) 2021-11-24
EP3510566A4 (en) 2020-04-29
WO2018048956A1 (en) 2018-03-15
EP3510566A1 (en) 2019-07-17
JP2019536176A (en) 2019-12-12
AU2017324945A1 (en) 2019-03-28
CN113989959A (en) 2022-01-28
CN109923592A (en) 2019-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Virginia

Applicant after: Lachi Co.,Ltd.

Address before: Virginia

Applicant before: Latchable, Inc.

GR01 Patent grant
CP03 Change of name, title or address

Address after: USA New York

Patentee after: Lucky Systems Co.,Ltd.

Address before: Virginia

Patentee before: Lachi Co.,Ltd.
