DE102011076004A1 - Access control device, access control system and access control method - Google Patents

Abstract

The invention relates to a device for access control of a group of people (182, 184) with - locking means (106, 102, 188) for locking and unlocking a receiving space (100) for a group of people, - sensor means (108) for detecting the number of people group of people recorded in the recording room, - at least one first reading device (110) for signaling successful authentication of a person of the group of people in the recording room to an ID token assigned to this person, - control means (146) for unlocking the locking means, provided that the recorded number of people is equal to the number of authentications signaled.

Description

The invention relates to a device for access control of a group of people, an access control system and a method for access control of a group of people using ID tokens.

From the DE 101 464 59 A1 A method is known for securing access to a secured area, which does not necessarily mean that every single person has to be checked. For this purpose, a number of persons located in a checking area are determined and a number of authorization cards present in the area are checked as to whether the number of persons matches the number of authorization cards.

The invention is the object of the invention to provide an improved access control device, an access control system and a method for access control of a group of people.

The object underlying the invention is achieved in each case with the features of the independent claims. Embodiments of the invention are indicated in the dependent claims.

According to embodiments of the invention, a device for access control of a group of persons is provided, which serves, for example, for controlling the access to a protected area, a border control or other sovereign or non-sovereign applications.

The device for access control includes locking means for locking and unlocking a receiving space for a group of people. The locking means may have a suitable locking device, such as a controllable lock, a lock door or the like. In particular, the receiving space may be formed as an access lock with an entrance and an exit door, wherein the locking and unlocking, d. H. For example, the control of the entrance and exit door to open and close the access lock, can be designed controlled by control means of the device.

The device further has sensor means for detecting the number of persons of the group of persons accommodated in the receiving space. The sensor means may be designed such that the thermal radiation of the persons, in particular their face temperature, their weight and / or another parameter is detected in order to determine the number of persons entered into the receiving space. In particular, this can be done optically by using a camera that has a CCD sensor, the recording room is monitored and with the help of image processing software, the number of people is detected.

At least one first reading device for signaling a successful authentication of a person of the group of persons in the recording room to an ID token assigned to this person belongs to the device.

The ID token can be a portable electronic device, such as a so-called USB stick, or a document, in particular a value or security document.

In particular, the ID token can be a paper-based and / or plastic-based document, such as an identity document, in particular a passport, identity card, visa, driver's license, company ID card, health card, bank card and a vehicle registration document, bill of lading or other proof of entitlement. In particular, the ID token can be designed as a chip card with a contact-based and / or contactless interface or as an RFID token. In particular, it can also be contained in a means of payment, in particular a banknote, a bank card or a credit card. The ID token may have a data memory for storing at least one attribute of a person, which is assigned to the ID token, and in particular for storing reference data and image data, in particular a digital passport photo, may be formed. The ID token also has means for authenticating the person to the ID token so that the person concerned can prove that it is actually associated with the ID token.

To authenticate the person in relation to the ID token, authentication methods known per se from the prior art can be used, in particular authentication by entering a secret identifier, ie a so-called personal identification number (PIN), and / or biometric authentication methods. In this case, protocols known per se from the state of the art may also be used, such as the Basic Access Control (BAC), Extended Access Control (EAC) and the Password Authenticated Connection Establishment (PACE) protocol, cf. Bundesamt for Security in Information Technology, Technical Guideline TR-03110, "Advanced Security Mechanism for Machine-Readable Travel Documents", Version 2.05 as well EP 1 891 607 B1 ,

For example, the first reader is a so-called class 2- or Class 3 reader with a keyboard. After the person has brought their ID token into the scope of the first reader, it enters its PIN via the keyboard of the first reader to authenticate against the ID token. The PIN is transmitted from the first reader to the ID token where the entered PIN is compared with stored reference data. If the entered PIN matches the stored reference data, the person is considered to be authenticated to the ID token and the ID token issues a corresponding authentication signal to the first reader. Alternatively or in addition to a keyboard, the first reader may include or be connected to other input or detection means, such as a biometric sensor for detecting a biometric feature of the person, such as fingerprints, an iris scanner, facial biometrics data, or the like.

The device also has control means for unlocking the locking device, provided that the detected number of persons equals the number of authenticated signatures. The control means are thus coupled to the sensor means and the at least first reading device, so that the control means can compare the detected number of persons in accordance with the number of authentications made with respect to the first reading device (s). If both numbers match, the control means effect unlocking of the receiving space so that the group of people can leave the receiving space, for example to enter a protected building area or to pass a national border. The control means may comprise a single computer or a computer network. The communication between the control means, the locking means, the sensor means and the at least one first reading device can also take place via a network, in particular an Ethernet.

The "locking means" may be, for example, a controllable door trap into which an access door of the receiving space may fall. By a corresponding signal of the control means, the door latch is released, so that the door of the receiving space can be opened.

Alternatively or additionally, there is at the entrance to the receiving space, for example, a turnstile, which can be locked, that is locked, can be, and unlocked by a corresponding signal of the control means, that is, released, can be.

Alternatively or additionally, the locking means may comprise an electric motor driven door, wherein the electric motor for opening and closing the door, as well as to hold the door in the closed locking position, can be controlled by the control means.

According to embodiments of the invention, the receiving space has a single access door for the group of people. Alternatively, the receiving space is designed as an access lock with at least one entrance door and one exit door. When the exit door is locked, the entrance door is unlocked so that the group of people can enter the reception room. Subsequently, the front door is locked. When the requirement for unlocking has been met, the control means controls the exit door to unlock it so that the group of people can leave the reception room through the exit door.

According to one embodiment of the invention, a plurality of the first readers are arranged distributed in the receiving space. The multiple first readers can be operated in parallel, so that at the same time the authentification of several persons can take place. The sensor means have first sensors for each of the first readers to detect the presence of each person of the group of persons at a location of the respective first reader. The authentication of the persons to the ID token via the first readers is only released by the control means after the first sensors have detected the presence of one person on each of the readers.

Of particular advantage here is that the throughput can be greatly increased due to the parallel operation of several of the first readers. On the other hand, the sensory detection of the number of persons is facilitated by the fact that the presence of each person is not detected somewhere in the recording room, but at the respective locations of the readers. By the first sensors at the location of each of the first readers namely a separation of persons within the recording room is inevitably made, which greatly facilitates the sensory detection of the number of people and designed very safe.

For example, a camera may be disposed on each of the readers to detect the presence of a person at the location of the particular reader, such as a thermal imaging camera and / or a camera operating in the visible range. Alternatively or additionally, a weight sensor may be present at each location of the first readers. A person who wants to authenticate to one of the first readers then has to go into the Enter detection range of the relevant weight sensor of the selected first reader, so that the person's weight can be detected their presence at the location of the selected reader. For example, in front of each of the readers, a stool can be firmly fixed, on which a person must sit, so that the authentication can take place with respect to the selected first reading device. In each of the stools is a sensor to sense the burden of the stool with the weight of a person.

Possible misuse or attempted manipulation is counteracted by the fact that the authentication of the persons with respect to their ID tokens on the respectively selected first readers of the control means is released only after the presence of one of the first sensors, each associated with one of the readers Person has been recorded if the number of people matches the number of first readers. If the number of persons is less than the number of first readers, a subset of the first readers will not detect the presence of any one person. In this way, it can be ensured that not several people are on the same first reader.

According to a further embodiment of the invention, the sensor means comprise at least one second sensor for detecting persons who are not at the location of one of the first readers in the receiving space. It is thus additionally checked here whether a person who would like to escape access control in this way is not located at a position remote from the first readers in the reception room. For this purpose, the receiving space is monitored outside the locations of the first readers by a suitable sensor, such as a thermal imaging camera, a CCD camera or the like. It is of particular advantage that on the one hand the sensing of the residence of one or no person to the standards of the readers and the sense that no person is in the recording room outside the locations of the readers, technically safe and inexpensive to implement.

According to one embodiment of the invention, the ID tokens of the persons are designed for authentication to a second reading device. In particular, this may include a so-called chip authentication of the electronic chip of the ID token relative to the second reader and optionally also an authentication of the second reader to the ID token, that is, the so-called terminal authentication. The second reading device is arranged outside the receiving space, for example in a waiting area.

The person's ID token stores that person's biometric reference data, such as fingerprint data, facial biometrics, iris scan data, and / or other biometric data. Furthermore, the ID token has an identifier which uniquely identifies the ID token. The identifier may be read from the ID token, for example, optically or via an electronic interface. In particular, the so-called machine readable zone (MRZ) of an ID token, which is designed as a machine-readable travel document, can be used to record the identifier, a serial number of the chip of the ID token, which can be read out, for example via RFID, or the personal details of the ID Person, which can be read optically from the ID token, for example, and also identify this uniquely.

The second reading device is designed to detect this identifier from the ID token and to perform at least one-sided authentication of the ID token against this second reading device, for example according to the BAC and / or EAC protocol. After successful authentication, the second reading device reads out the biometric reference data stored in the ID token and stores it with the identifier as an access key in a memory, for example the control means.

The first readers, which are located in the receiving space are also formed in this embodiment for detecting the identifier, which previously had already detected the second readers outside the recording room. The first readers are further adapted to capture the biometric feature for which biometric reference data is stored in the ID token.

To carry out the authentication of the persons in the recording room, the procedure is such that the identifiers are again recorded in the recording room with the aid of the first readers, and then with the help of the identifiers the respective biometric reference data are read from the memory in order to match those of the first readers each to compare recorded biometric features. The unlocking then takes place under the further condition that the recorded biometric characteristics of the persons with the respective biometric reference data sufficiently match.

This embodiment has the particular advantage that security against manipulation in high throughput is further increased. This is made possible by using the waiting time of the persons outside the recording room to read out the biometric reference data from the ID tokens safely, taking account of data protection requirements, so that this process does not have to take place within the recording room. The residence time of the group of people in the recording room can therefore be kept very short even with a biometric check.

According to one embodiment of the invention, the biometric reference data read from the ID tokens and buffered in the memory are deleted after the authentication has been carried out, for example immediately before or after the unlocking. In this way it is ensured that the biometric reference data can not be collected and stored in central locations.

According to a further embodiment of the invention, the device has inlet limiting means for limiting the number of persons of the group of persons, wherein the number of persons to whom the inlet is limited in the receiving space is limited to the number of persons for whom the at least one second reading device stored biometric reference data in the memory.

In other words, the number of persons who authenticate themselves outside the recording space in the waiting area in relation to the second reading device and whose biometric reference data are read and buffered while the recording space is still locked is counted. The number of persons admitted to the receiving room after unlocking is then limited to the number of persons for whom the biometric reference data has already been read. This is to prevent persons entering the recording room for whom no biometric reference data has yet been stored in the memory since this would lead to a delay in the procedure. The storage capacity of the waiting area in which the persons have access to the second reading device (s) can, for example, be selected so that it matches the receiving capacity of the receiving space.

According to one embodiment of the invention, the inlet limiting means have at least one turnstile to limit the number of persons who can enter the receiving space. An additional turnstile can be arranged at the entrance of the waiting area in order to limit the number of persons in the waiting area to the maximum receiving capacity of the receiving space. Instead of a turnstile, the inlet limiting means can also be realized by one or more automatic doors.

Embodiments of the invention are particularly advantageous for applications involving groups of people who want simultaneous access to a protected area, such as border crossing, especially at airports, entering security zones of specially protected facilities, entering company premises, bank vaults or lounges, for example in football stadiums.

Embodiments of the invention are of particular advantage in that an efficient access control of such groups of people can take place, without loss of security.

Embodiments of the invention are also of particular advantage for the access control of persons who can not operate the readers independently, such as, for example, children or persons with disabilities. Since a separation of the persons according to the invention does not take place or only within the same receiving space, such persons can be assisted within the receiving space by other persons of the group of persons.

For this purpose, it may be advantageous to arrange the first readers close to each other in order to facilitate such assistance. For example, for this purpose, the first readers form a structural unit, in particular the antenna areas for supporting the ID tokens, if it is RFID tokens, the antenna areas, for example, as an elongated support surface with multiple PIN-input keyboards can be made side by side, or which for example, how a handrail run are built in the antenna, display and control panels are integrated.

In a further aspect, the invention relates to an access control system comprising an embodiment of a device according to the invention and a plurality of ID tokens. To the access control system may also include the receiving space, wherein the receiving space may be formed, for example, as an access lock.

In a further aspect, the invention relates to a method for access control of a group of persons using a device or access control system according to the invention with the following steps: locking of the recording room after recording the group of people, recording the number of persons, the group of people recorded in the recording room, authentication of each the persons of the recorded in the recording room Person group opposite to a respectively assigned ID token within the recording room and signaling the successful authentications by the at least one first reader, unlocking the recording room on the assumption that the number of detected persons with the number of signaled authentications match.

In the following, embodiments of the invention will be explained in more detail with reference to the drawings. Show it:

1 a block diagram of a first embodiment of a device according to the invention,

2 a flow chart of a first embodiment of a method according to the invention,

3 a block diagram of a second embodiment of a device according to the invention,

4 a flow chart of a second embodiment of a method according to the invention,

5 a block diagram of a third embodiment of a device according to the invention,

6 a flowchart of a third embodiment of a method according to the invention.

Elements of the following embodiments that correspond or are the same as each other are denoted by the same reference numerals.

The 1 shows a recording room 100 to accommodate a group of persons with a maximum number N of persons. The reception room has an automatic door 102 , which may be operated by an electric motor, for example, to an input and output 104 of the recording room 100 to open or close. For this purpose, a controllable latch 106 , such as a door latch, be provided.

The recording room 100 is from at least one sensor 108 supervised. The sensor 108 is used to capture the number of people in the recording room 100 are located. At the sensor 108 it can be for example a camera or a thermal image sensor.

In the recording room 100 there is at least one reader 110 , which with the ID tokens 112 . 114 . 116 . 118 , ... a group of people, such as the persons 120 . 122 . 124 . 126 , ... is interoperable. Each of the ID tokens is assigned to exactly one of these persons, such as the ID token 112 the person 120 , the ID token 114 the person 122 , Etc.

The ID tokens 114 . 116 . 118 , ... are basically the same as the one in 1 more detailed ID tokens 112 built up.

The ID token 112 has an interface 128 to a corresponding interface 130 of the reader 110 , The interfaces 128 . 130 can be contact-based or contactless, in particular as RFID interfaces, be formed.

The ID token 112 also has a processor 132 for executing program instructions 134 as well as an electronic memory 136 for storing reference data 138 , With the reference data 138 For example, it may be a secret identifier, such as a PIN, that should only be known to the person who is the ID token 112 is assigned, so here only the person 120 , Alternatively or additionally, the reference data 138 biometric reference data of the person concerned. In the electronic memory 136 it is a protected memory that only the processor can handle 132 of the ID token 112 can internally access. Direct access via the interface 128 on the memory 136 and in particular the reference data stored therein 138 Depending on the embodiment is either not or only after approval by the processor 132 possible.

The reader 110 has a processor 140 for executing program instructions 142 as well as an interface 144 for communication with a controller 146 , which is designed as a computer, for example, and via a corresponding interface 148 features. At the interfaces 144 and 148 These can be, for example, network interfaces, in particular Ethernet interfaces.

The reader 110 also has input or detection means, such as a keyboard 150 and / or a sensor 152 ,

The keyboard 150 can enter the PIN in the reader 110 be formed and the sensor 152 it may be a biometric sensor to capture a biometric feature from the person concerned.

The control 146 has a processor 154 for executing program instructions 156 , By executing the program instructions 156 can the controller 146 for example, a signal 158 generate the bar 106 and / or the door 102 or to control their electric motor drive, so the door 102 to lock or unlock.

Further, the control may be over the line, for example 160 the locked or unlocked state of the door 102 sensing. The control 146 is also with the sensor 108 over a line 162 connected, over which the control 146 a signal 164 receives. At the signal 164 it can be a sensor signal from the sensor 104 act, which is then followed by the controller 146 by executing the program instructions 156 is evaluated to determine the number of people in the recording room. Alternatively, the processing of the sensor signal already by a digital signal processing of the sensor 108 even done, so the signal 164 already indicates the recorded number of persons. Mixed forms are also possible, after which a preprocessing of the detected sensor signal by the evaluation electronics of the sensor 108 takes place, so that accordingly the further evaluation by the controller 146 reduced.

The interfaces 144 and 148 can over other separate lines 166 be coupled with each other. The control 146 receives from the reader 110 a signal 168 , which signals that an authentication of a person has taken place.

The wires 160 . 162 and 166 can be wholly or partially replaced by a network, such as an Ethernet, via which the various components, that is, the controller on the one hand and the bolt / the door 102 , the sensor 108 and the reader 110 on the other hand can communicate with each other.

To carry out an access control, for example, the procedure is as follows:
First, a group of M persons, where 0 <M ≤ N, enters the recording room 100 , For example, the group of people M = 4 people 120 . 122 . 124 and 126 , like in the 1 shown. The persons of this group carry their ID tokens, as also in the 1 shown.

After entering the group of people in the recording room 110 will be the door 102 closed and locked. This can be done automatically or manually. With the help of the sensor 108 then the number M of persons is determined.

Furthermore, the persons of this group authenticate themselves to their ID tokens with the help of the reader 110 , For example, the person brings this 120 their ID token 112 into the detection area of the interface 130 , About the keyboard 150 of the reader 110 gives the person 120 then your PIN in the reader. The PIN is made by executing the program instructions 142 over the interface 130 to the ID token 112 transmitted and by execution of the program instructions 134 evaluated there by the processor 132 to the reference data 138 accesses and these with the over the interface 128 received PIN are compared. If the received PIN matches the reference data 138 the processor generates 132 a corresponding signal, which via the interface 128 to the interface 130 of the reader 110 transmitted and by execution of the program instructions 142 over the interface 144 as a signal 168 to the controller 146 is forwarded.

The recorded number of people M and the number of signals 168 , each signaling a successful authentication of a person against an ID token, are by execution of the program instructions 156 through the controller 146 processed by the number M of the detected persons with the number of signals 168 is compared. If the two numbers agree with each other, this means that all persons of the admitted group of persons have in each case authenticated against their ID token. The processor 154 then generates the signal 158 to the door 102 to unlock. The group of people can then enter the recording room 100 leave, for example to pass a border or to enter a protected building area.

In the case of a biometric authentication, the PIN is used instead of the keyboard 150 a biometric feature, for example, of the person 120 through the sensor 152 captured and over the interface 130 at the ID token 112 transmit, so that there the received biometric data with the reference data 138 can be checked for sufficient agreement, for example by means of a so-called match-to-card procedure. Alternatively, the reference data 138 from the ID token 112 through the reader 110 or the controller 146 to verify that there is sufficient agreement between the acquired biometric features and the reference data 138 through the reader 110 or by the controller 146 make. For this purpose, both from the ID token 112 read biometric reference data as well as that of the person 120 sensory biometric features of the reader 110 to the controller 146 transferred to evaluate them there.

The 2 shows a corresponding flow chart. In the step 200 a number of M persons are admitted into a receiving space of an access control device according to the invention. At the inlet or thereafter, the number M of persons in the receiving space is sensed (step 202 ). In the step 204 The M persons of the group of persons within the recording room respectively authenticate to their ID tokens, each of the successful authentications being signaled to a control unit. The control unit then compare in the step 206 the number of authentications made with the recorded number M. If both numbers agree with each other, then in the step 208 generates a release signal from the controller to signal that the group of people can pass; the release signal can unlock the receiving space, so that the M people can leave this again. In the opposite case, in the step 210 generates a message that, for example, is addressed to a border official so that he can intervene.

The 3 shows a further embodiment of a device according to the invention. In this embodiment, there are a number of N readers 110.1 to 110.n in the recording room 110 arranged distributed. For each of the N readers is sensory monitored whether at the location of the reader in question is one of the persons of the group or no person. For this purpose, the readers can be monitored, for example by means of a camera. For this purpose, a separate sensor, for example a camera, a thermal sensor and / or a weight sensor, is preferably located on each of the reading devices in order to detect the presence of a person at the location of the relevant reading device. In addition, a traffic area of the receiving space by another sensor 170 be monitored to ensure that in the recording room except the readers no other people are staying. As a result, a separation of the persons of the group of people within the receiving space is achieved, since they must each go to one of the readers. This significantly simplifies the sensory detection of the number of persons M and at the same time makes them safer and more reliable.

The readers 110.1 - 110.n are designed in the embodiment considered here so that an authentication of a person against the relevant ID tokens is only possible after the reader in question, a release signal 172 from the controller 146 has received. Previously, an input of the PIN is via the keyboard 150 or a detection of the biometric feature on the sensor 152 (see. 1 ) not possible.

To carry out an access control is in the embodiment considered here in addition to the embodiment according to 1 so proceeded that the signals 164 the sensors 108.1 - 108.N to the effect of the controller 146 be evaluated whether they indicate the presence of either exactly one or no person on the type of the respective reader. Further, a signal 174 of the sensor 170 to the effect of the controller 146 Check if there is in the recording room 110 do not detain any other persons.

So if the people 120 . 122 . 124 and 126 to the readers 110.1 . 110.2 . 110.3 respectively. 110.4 to go, as in the 3 This is shown by the corresponding sensors 108.1 . 108.2 . 108.3 respectively. 108.4 captured and sent to the controller 146 signaled. If next to another person 176 in the recording room 100 which may have no or an invalid ID token 178 This is done by the sensor 170 detected. The processor 154 the controller 146 generates the enable signals 172 by executing the program instructions 156 only on the condition that all the sensors 108 the presence of one or more people on one of the readers 110 signal and that further the sensor 170 the presence of no other person in the reception room 100 signaled. The person 176 must in the case considered here so the recording room 100 leave first, before the authentications can take place.

After that, therefore, in the case considered here, the M = 4 persons 120 - 126 to the readers 110.1 - 110.4 and thereby within the recording room 100 have been isolated, and after further the person 176 the recording room 100 left, the controller generates 146 then the enable signals 172 for the readers 110.1 - 110.4 so that then the authentications of the persons 120 to 126 opposite to the respectively assigned ID tokens 112 to 118 can take place. The unlocking of the door 102 is done here so on the condition that on each of the readers 110.1 to 110.4 in which the presence of a person has been detected, a successful authentication was made.

The 4 shows a corresponding flow chart.

In the step 300 the admission of M persons takes place. The number M is in the step 302 by a number of N sensors (see the readers 110.1 - 110.n of the 3 ) detected. Further, in the step 304 checked whether there is otherwise a person in the recording room who has not gone to one of the readers. If this is the case, in the step 306 generates a message so that, for example, a border official can intervene. In the opposite case, in the step 308 the execution of the authentications of the M persons to the respective readers to which they are located, released. For a reader, for which the presence of a person has not been detected, no authentication is released, so that the authentications can only be done on those readers, in which there is actually a person in the recording room. If the number of authenticated authentications is M, that is, equal to the number of times in Persons sensed in the recording room, this is done in the step 314 the unlocking, otherwise, in turn, a message in the step 312 generated.

For the time between the release of the authentication in the step 308 and the exam in the step 310 may be defined a predetermined maximum time within which all of the authentications must have taken place. If this time is exceeded, the message becomes 312 branched.

The embodiment according to 5 is compared to the embodiment according to 3 developed to the effect that in front of the recording room 100 a waiting area 180 is located, which serves to accommodate another group of people, as long as a group of people in the recording room 100 located. For example, the group of people includes 182 the people 120 . 122 . 124 and 126 whereas the other group of people 184 in the waiting area 180 the people 120 ' . 122 ' . 124 ' and 126 ' It is assumed here, without restriction of generality, that N = M = 4 for each of the groups of persons 182 and 184 applies.

Outside the recording room 100 there is at least one reader 110 ' with an interface 130 ' , which in principle can be structured like the interface 130 the readers 110 in the recording room 100 , The reader 110 ' has a processor 140 for the execution of program instructions 142 ' as well as an interface 144 ' for communication with the corresponding interface 148 ' the controller 146 , Furthermore, the reader has 110 ' an optical sensor 186 , For example, to perform a so-called BAC, namely to visually detect one of the ID tokens printed on the ID token information, such as the so-called MRZ. With the ID tokens 112 to 118 respectively. 112 ' to 118 ' These may be particularly preferably machine-readable travel documents, in particular electronic passports or electronic identity cards, in particular according to a standard defined by the Federal Office for Information Security (BSI) and / or the International Aviation Authority (ICAO).

The waiting area 180 can for example through a turnstile 188 and a turnstile 190 be defined. The turnstiles 188 and 190 are over lines 192 respectively. 194 with the controller 146 connected, which blocks or unlocks the turnstiles. Due to the turnstile 188 can the door 102 eliminated or the door 102 is designed so that the different people can pass only one after the other, so access to the recording room 100 to limit to the maximum number of people.

The recording room 100 is here preferably designed as an access lock, that is the door 102 here serves only to enter the recording room 100 and another door 102 with a corresponding bar 106 ' is used exclusively for leaving the recording room 100 ,

The control 146 here is designed to have an electronic memory 196 which is used to store a database 198 serves.

To carry out an access control of the group of persons 184 this is done as follows:
While the group of people 182 still in the locked recording room 100 is the additional group of people 184 in the waiting area 180 let in, for example by releasing the turnstile 190 through the controller 146 , The people 120 ' to 126 ' this further group of people 184 in each case bring their ID tokens one after the other into the detection area of the reader 110 ' for example, to perform a BAC and subsequent EAC for unilateral or mutual authentication of the respective ID token and the reader 110 ' , After this authentication receives the reader 110 ' the reading rights on in the respective memory 136 one of the ID tokens stored reference data 138 , wherein the embodiment considered here is biometric reference data. In addition or in addition, unprotected data can also be stored in the memory 136 be read out, such as a facial image. Furthermore, an identifier of the ID token is detected by the relevant ID token, for example by means of the optical sensor 186 or via the interface 130 ' ,

The reference data read from one of the ID tokens 138 are then together with the associated identifier from the reader 110 ' to the controller 146 transferred and in the database 198 stored, wherein the identifier is used as a database key for a later database access to the reference data. Instead of a reader 110 ' You can also use multiple readers in the waiting area 180 arranged, such as a number of N readers 110 ' to parallelize this process.

After checking the person group 182 in the recording room 100 successfully completed, generates the control 146 a release signal for the latch 106 ' so this group of people 182 leaves the recording room. The door 102 is then closed again and the door 102 will be opened. The control 146 then leaves the group of people 184 the turnstile 188 pass, so this into the recording room 100 arrives. The number of people holding the turnstile 188 In addition to N, it may be further restricted in that a maximum of that number of persons is allowed to pass through, for those previously within the waiting area 180 the reference data in the database 198 have been stored. This will also avoid people from the waiting area 180 in the recording room 100 which previously did not reach the reader 110 ' have been.

The group of people 184 will be in the recording room 100 isolated by the persons 120 ' to 126 ' to the different readers 110.1 - 110.4 issued. With the help of the readers then only the respective identifier of the ID token is recorded and the biometric feature of the person.

The identifier, along with the biometric feature detected, is sent from the reader to the controller 146 transfer. The controller accesses the database with the identifier received from the reader as a key 198 to read the corresponding reference data from the database and to compare with the received biometric data received from the respective reader. If in this way successful authentication of all M persons of the group of people 184 is done controls the controller 146 the bolt 106 ' to the door 102 ' to open.

Similarly, consecutive groups of people can be handled so that throughput is optimized without sacrificing security.

The 6 shows a corresponding flow chart.

In the step 400 a number of M people are admitted to the waiting area. There are one or more of the second readers (see 110 ' of the 5 ) which are used to authenticate the ID tokens of persons admitted to the waiting area to the second reader (s) and to read an identifier and reference data from the ID tokens. In the step 404 the reference data are stored with the identifier as access key in a database (see Database 198 of the 5 ).

Subsequently, in the step 406 the M people are taken from the waiting area in the recording room. The detection of the number M then takes place in the receiving space in the step 408 by N sensors, whereby in each case a sensor can be located on one of the readers (cf this, the embodiment of the 5 ).

If in the step 410 it is determined that there is another person besides the readers in the recording room, then in the step 412 generates a corresponding message. In the opposite case, the use of the first readers in the receiving space in the step 414 enabled to enable authentication of the persons. This is done first in the step 416 each identifier is captured by the ID token and in the step 418 The biometric features of each of the persons are sensory recorded. In the step 420 comes with the identifier, which in the step 416 has been acquired, accessed the database to read out the respective stored reference data and in the step 422 to compare with the respective biometric features. This results in an authentication of each person of the group of people, namely, in each case in the step 414 sensory characteristics of one of the persons with which stored for this person reference data sufficiently match.

In the step 424 is then checked whether the number of successful authentications of the number M of persons, as in the step 408 has been recorded, is similar. If this is not the case, then in the step 426 a corresponding message is generated and in the opposite case is in the step 428 unlocking the exit door of the receiving space made.

Database 198 is then cleared to prevent central collection of reference data.

Parallel to the steps 408 to 428 can the steps 400 to 404 be carried out in the sense of a pipelined processing for a subsequent further group of people.

LIST OF REFERENCE NUMBERS

100

accommodation space

102

door

102 '

door

104

An exit

106

bars

108

sensor

110

reader

110 '

reader

112-118

ID token

120-126

person

128

interface

130

interface

132

processor

134

program instructions

136

electronic memory

138

reference data

140

processor

142

program instructions

144

interface

146

control

148

interface

150

keyboard

152

sensor

154

processor

156

program instructions

158

signal

160

management

162

management

164

signal

166

management

168

signal

170

sensor

172

enable signal

174

signal

176

person

178

ID token

180

waiting room

182

group

184

group

186

sensor

188

turnstile

190

turnstile

192

cables

194

cables

196

Storage

198

Database

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• DE 10146459 A1 [0002]
• EP 1891607 B1 [0011]

Claims (15)

Device for access control of a group of persons ( 182 . 184 ) with - locking means ( 106 . 102 . 188 ) for locking and unlocking a receiving space ( 100 ) for a group of persons, - sensor means ( 108 ) for detecting the number of persons of the group of persons accommodated in the recording room, - at least one first reading device ( 110 ) for signaling a successful authentication of a person of the group of persons in the reception room with respect to an ID token, control means ( 146 ) for unlocking the locking means, provided that the detected number of persons equals the number of authenticated signatures. Device according to claim 1, wherein a number of the first readers are arranged in the receiving space, wherein the sensor means comprise first sensors ( 108.1- 108.N ) for each of the first readers to detect the presence of each person of the group of persons in the recording room at the location of the respective first reader, the authentication of the persons to the ID tokens via the first readers being released by the control means only then after the presence of one or none of the first sensors has been detected. Device according to claim 2, wherein the sensor means comprise a second sensor ( 170 ) for detecting persons who are not at the location of one of the first readers in the receiving space, wherein the control means are arranged so that the authentication is released only on the condition that no person is detected by the second sensor, when at the same time the first sensors signal the presence of exactly one or no person. Device according to claim 1, 2 or 3, wherein the ID token for authentication to a second reading device ( 110 ' ) is formed, and in the ID token biometric reference data of the person are stored, which is associated with the ID token, and further wherein an identifier of the ID token and / or the person, which is associated with the ID token, from the ID token is readable by the second reader, wherein at least a second reader is arranged outside of the receiving space to read after authentication of the ID token to the second reader, the biometric reference data from the ID token and the identifier as a key in a memory ( 196 ) to which the control means can access or which forms part of the control means, the first readers being arranged in the receiving space for reading the identifier, and 152 ) for detecting the biometric features of the persons in the recording room, the control means being adapted to receive the identifiers from the first readers, using the identifiers to read out the biometric reference data of the persons from the memory and to unlock the locking device under the further condition in that the acquired biometric features of the persons correspond to the respective biometric reference data. Apparatus according to claim 4, wherein the control means are adapted to, after checking the correspondence of the biometric reference data with the detected biometric features, the detected biometric features and the identifiers are deleted from the memory. Device according to one of the preceding claims, with inlet limiting means ( 188 ) for limiting the number of persons of the group of persons, wherein the number of persons to whom the inlet is limited in the receiving space is limited to the number of persons for whom the at least one second reading device has stored the biometric reference data in the memory. Apparatus according to claim 6, wherein the inlet restriction means are locked by the control means after a maximum number of persons limited to the number of persons for whom the at least one second reading device has stored the biometric reference data in the memory enters the reception space are. Device according to one of the preceding claims, wherein the ID token and the second reading device for implementing a BAC protocol and / or an EAC protocol and / or a PACE protocol for performing a one-sided or mutual authentication are formed. Device according to one of the preceding claims, wherein the identifier is formed from an MRZ of the ID token or an identifier of a chip of the ID token. An access control system comprising a device according to any preceding claim and a plurality of the ID tokens. Access control system according to claim 10, with the receiving space, wherein the receiving space is preferably designed as an access lock. Method for access control of a group of persons by means of a device according to one of the preceding claims 1 to 10, comprising the following steps: - locking of the receiving space ( 100 ) after the group of persons has been recorded, - the number (M) of persons, the group of persons recorded in the reception room, - authentication of each of the persons of the group of persons recorded in the reception room against an respectively assigned ID token within the reception room and signaling of the successful authentications the at least one first reading device, - Unlocking of the recording room on condition that the number of detected persons agrees with the number of authenticated signatures. The method of claim 12, wherein it is checked that each person of the group of people is within the recording room after its locking on one of the first readers and the implementation of the authentications of the persons against the ID token is only possible if this is the case. The method of claim 12 or 13, wherein the reference biometric data from the ID tokens of the group of persons using one or more second reading devices ( 110 ' ) and stored in the memory before the group of people is taken into the recording room, and within the recording room after its locking, the biometric features of the persons of the group of persons are detected and the detected biometric features are compared with the biometric reference data stored in the memory wherein the unlocking of the receiving space takes place only when the detected biometric features sufficiently match the biometric reference data stored in the memory. The method of claim 12, 13 or 14, wherein the sensor means for detecting size, weight and / or temperature, in particular the face temperature of the persons are formed.

Images