EP1821262A2 - Système de contrôle d'autorisations de personnes à exécuter des activités autorisées - Google Patents

Système de contrôle d'autorisations de personnes à exécuter des activités autorisées Download PDF

Info

Publication number
EP1821262A2
EP1821262A2 EP07002999A EP07002999A EP1821262A2 EP 1821262 A2 EP1821262 A2 EP 1821262A2 EP 07002999 A EP07002999 A EP 07002999A EP 07002999 A EP07002999 A EP 07002999A EP 1821262 A2 EP1821262 A2 EP 1821262A2
Authority
EP
European Patent Office
Prior art keywords
central server
data
terminal
persons
terminals
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07002999A
Other languages
German (de)
English (en)
Other versions
EP1821262A3 (fr
Inventor
Leopold Dr. Gallner
Thomas Ing. Moser
Signot Keldorfer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP1821262A2 publication Critical patent/EP1821262A2/fr
Publication of EP1821262A3 publication Critical patent/EP1821262A3/fr
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/38Individual registration on entry or exit not involving the use of a pass with central registration

Definitions

  • the invention relates to a system for controlling authorizations of persons to carry out authoritative activities.
  • the system is advantageously applicable to the administration of a large number of authorizations for buildings located remotely at any location.
  • a typical application is the management of access authorizations.
  • biometric data of the persons registered in the system are used as recognition features.
  • the signature of a person is used as key information for access control.
  • Significant information on the type of signing of a person authorized to sign up in principle is created and stored once by means of signatures. If this person then wants to gain concrete access, she has to sign again, from this data is generated, which are compared with the stored data. If there is sufficient agreement, access is granted. According to this system, it is no longer necessary to carry an item acting as a key or to apply a password. None is said about the administration of access authorizations in buildings located far apart with a total of many access openings.
  • the DE 296 02 655 U1 describes a system for assigning access rights to decentralized facilities.
  • the control devices on the respective doors are not connected to the central unit. They receive access rules in the form of data, which are brought manually on a mobile data carrier, and are read in after the reading unit has been unlocked.
  • the persons requesting admission must enter valid key information via an input unit, eg a numeric keypad.
  • the control device can also record data, such as who came and went when. If necessary, these data must be brought to the central unit manually by means of a mobile data carrier.
  • An advantage of this system is that it does not require an upright data network between the central unit and distributed control devices.
  • the disadvantage is that the data exchange between the central unit and distributed control devices arranged by physical transport of a data carrier, and thus very slow and cumbersome. This method is therefore only useful if all parts of the plant are geographically close to each other.
  • the AT 410 489 B describes a system for logging onto a distributed data processing system with the aid of a biometric feature.
  • the peculiarity here is that the data that serves as the key to access always remain separate from the data with which the user actually works. This is achieved by using a different central computer for the user identification than for the applications which are made accessible after recognition. This is very advantageous for data protection reasons when using the system hardware by several providers who have software running on it.
  • the user ID is stored in a central data memory and, if necessary, is compared under automated, electronic exchange of information with a user ID currently recorded on a terminal. Nothing more is said about further details of this information exchange or the user administration.
  • the EP 1 460 508 A1 describes the access control to a data processing system, which may also be distributed. Access is granted when an identification feature to be entered, which may also be a biometric feature, matches a feature stored on an on-board radio-to-mobile medium. This method is safer than an access control based solely on a key brought along. Furthermore, it is advantageous that for the decision whether to grant admission or not, no communication with a central server is required. The disadvantage is that a part similar to a key must be carried.
  • the WO 2004/034335 A1 describes a multi-level access control system for a building.
  • the system consists of a central computer and thus data channels connected to local, memory and computational test points at the individual inputs.
  • To verify the identity of a person requesting access locally recorded data is sent to the central computer and compared there with centrally stored identification data. Depending on the match, a corresponding signal is sent to the respective test site.
  • Identification data on the individual persons nor data on the frequency of access are stored at the individual inspection stations.
  • the system needs an upright data connection to the server to check the access authorization of a person.
  • the information required to verify the identity must also be transmitted via this data connection via a biometric feature, that is to say a relatively large amount of data become. That the system is intended only for local use cases and only for good use.
  • the GB 2 331 825 A describes a person recognition system for access from outside to a database created in a central server.
  • a fingerprint is used, which is stored in the central server and on a mitzuridden card.
  • a currently on-site fingerprint is compared with the one stored on the card, then everything is sent to the server where it is compared again with stored data. If everything fits, the server sends a signal to the local terminal, which allows access to the central database.
  • the system offers a high degree of security against manipulation by third parties on the data transmission network.
  • data exchange with the central server is required, and in addition a considerable amount of data must be transmitted per identification process.
  • the existence of a functional data connection between the local terminal and the central server is an essential prerequisite for this process.
  • the WO 2001/091038 A1 describes a system and method for controlling the access of persons to secured buildings or similar areas.
  • the system consists of a central server, individual, locally arranged access control units and a communication channel for the connection between server and access control units.
  • master data which also biometric data such as fingerprint include recorded stored and as far as required for on-site verification, sent to the access control units, stored there again and further used in then independent of the server if necessary, access requests.
  • all access control units are the same. A person can only have access to all access control units, or none at all. To each of these units, the record required to check the access authorization is sent by all the persons registered in the system.
  • the storage space requirement for each individual access control unit increases proportionally with the number of persons detected in the overall system, even if only a few authorized persons actually need access to individual access control units.
  • the object underlying the invention is how the WO 2001/091038 A1 a common control system for persons to authorize activities, such as passing through a gate, the commissioning of machinery or the switching on and off of alarm systems, in arbitrarily widely spaced and distributed buildings and rooms to propose, even then controlled authorization may be possible should, if there is temporarily no upright data connection between the individual control points and a central server.
  • the system should be better for a larger total number of control posts and authorized persons expandable, it is to be found with a smaller data storage per control point Aus GmbH and it should be supplemented in an economically meaningful scope with other useful functions.
  • a system in which a terminal is arranged at each control point, which comprises an identification device, a barrier actuator and a data recording device.
  • These terminals are networked through a data processing system comprising a single central server and a plurality of terminal servers located thereunder.
  • the central server stores the required information about all buildings and persons entitled to access - more simply called “employees". In the individual terminals required for the self-sufficient operation of the respective terminal subset of this information is also stored.
  • the terminal servers hierarchically located between the terminals and the central server control the data transfer between the central server and each subset of the terminals.
  • the invention provides that at the individual terminals, the data who, when and where the authorization has exercised, are recorded and sent to the central and server. If the data connection between a terminal and the server fails, the data accumulating at the terminal in the meantime is temporarily stored at the terminal until the data connection is up again and it is communicated to the server.
  • central server 1 In the ever networked access control system only once required central server 1 is a central database set up with all required for the access system terminal and Miterbeiteramm flowers. Terminals and employees are clearly identifiable in the data processing system. For each employee it is determined at what times he can pass through which terminals, or for each terminal is determined when it can be crossed by which employee.
  • the master data per employee at least a unique name and a unique identification information. This identification information may be, for example, compressed information obtained by an image processing algorithm from an image of an employee's fingerprint.
  • the central server 1 is connected to a plurality of terminal servers 2.
  • this connection can be formed via a LAN.
  • a Local Area Network (LAN) in this sense is a networking method between nearby computers. At present, a technology that is often used specifically for this purpose is the so-called Ethernet standard.
  • Ethernet At a greater distance - it can span across continents - the connection can be made via a VPN channel on the Internet.
  • a VPN channel in this sense is a data transmission protocol by which an information flow over a public data network is handled in such a way that it appears to the partners involved as if they were only communicating with one another via an internally accessible data network. Such transmission methods are state of the art and need not be further described here.
  • a terminal server 2 establishes the further data connections to LAN / RS485 converters 3 located geographically via a LAN. These converters 3 translate the data transfer between the format used in the LAN and the more robust, but not so fast, RS485 format, which is easier to wire. In this format, the data exchange with the individual terminals 4 is handled.
  • a terminal 4 is mounted in the area of the control points, for example, to be controlled doors or gates of buildings or rooms. At least in the case of doors, it should consist of an indoor unit 4.1, through which the lock is actuated, and an outdoor unit, 4.2, to which the identifier of the passage desiring employee is taken and compared with stored features. Three relays can be switched via such a terminal and the associated actions, such as opening a door, can be carried out.
  • the necessary equipment mounted and the necessary line connections are made in the central server 1, the individual devices, ie terminals 4, LAN / RS485 converter 3 and terminal server 2 registered. Then the master data of the individual employees are created and it is determined at which terminals at which times the individual employees are allowed to pass.
  • These registration entries are made by an authorized system administrator who has access to the central server 1. Part of this registration work is also to create identification information of each employee. For example, this can be done by reading an image of a fingerprint of the employee, from this special features are filtered out and stored as a biometric key in the central server 1. It is possible to record several fingers as biometric keys by one employee. Each finger is assigned a relay.
  • the creation of the data and the recording of the biometric key can also be done decentrally on a PC, which is equipped with appropriate software and recording device and has a corresponding network connection.
  • the central server 1 sends to the terminals concerned 4 an information packet which consists of the name of this employee used in the data processing system, his biometric key and the information over the times, at which certain permissions are granted to him, such as passage.
  • the affected terminals take this information as a work instruction and store it in the case of a gate on a local data storage attached in the outdoor unit 4.2.
  • the information that the employee concerned has triggered an action at the relevant terminal 4 at the relevant time is communicated from the terminal 4 via the higher-level LAN / RS485 converter 3 and the further upstream terminal server 2 to the central server 1 and recorded there.
  • terminal 4 and central server 1 If the data connection between terminal 4 and central server 1 does not work, which can not be ruled out at least temporarily, the function of the terminal relating to the employee does not change at all.
  • the data required for checking and possibly granting rights of individual employees are located locally in terminal 4, and the required data processing also takes place locally in terminal 4.
  • the only difference from the mode of operation of an existing data connection to the central server 1 is that the information that Employee x at time y at the terminal z by means of biometric key has actuated the relay a is not immediately communicated to the central server 1, but initially only in the terminal 4 is stored and only then communicated to the central server 1 when the data connection works again.
  • the invention can also be meaningfully combined with checkpoints where a biometric feature is not included as an identification feature, but, for example, a password to be entered manually or a password, number, signal or even a mechanical key to be read out from a data store to be provided.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Lock And Its Accessories (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP07002999A 2006-02-13 2007-02-13 Système de contrôle d'autorisations de personnes à exécuter des activités autorisées Withdrawn EP1821262A3 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AT0021806A AT503783B1 (de) 2006-02-13 2006-02-13 System zur kontrolle von berechtigungen von personen, zu autorisierende tätigkeiten durchzuführen

Publications (2)

Publication Number Publication Date
EP1821262A2 true EP1821262A2 (fr) 2007-08-22
EP1821262A3 EP1821262A3 (fr) 2008-05-21

Family

ID=38002009

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07002999A Withdrawn EP1821262A3 (fr) 2006-02-13 2007-02-13 Système de contrôle d'autorisations de personnes à exécuter des activités autorisées

Country Status (2)

Country Link
EP (1) EP1821262A3 (fr)
AT (1) AT503783B1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009059595A1 (fr) * 2007-11-08 2009-05-14 Byometric Systems Ag Procédé et unité de commande pour identifier des personnes autorisées
WO2011161589A1 (fr) * 2010-06-21 2011-12-29 Telefonaktiebolaget L M Ericsson (Publ) Système et procédé pour la gestion d'informations d'identification personnelles
WO2013155237A1 (fr) * 2012-04-11 2013-10-17 Utc Fire & Security Corporation Rapport de mode d'authentification
EP3486877A1 (fr) * 2017-11-21 2019-05-22 Pascom Kommunikationssysteme GmbH Système d'autorisation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1984002786A1 (fr) * 1983-01-10 1984-07-19 Figgie Int Inc Lecteur de carte ameliore pour systeme de securite
EP0990756A2 (fr) * 1998-09-28 2000-04-05 Anatoli Stobbe Système de commande d'accès
US6972660B1 (en) * 2002-05-15 2005-12-06 Lifecardid, Inc. System and method for using biometric data for providing identification, security, access and access records

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2950307B2 (ja) * 1997-11-28 1999-09-20 日本電気株式会社 個人認証装置と個人認証方法
US6496595B1 (en) * 2000-05-19 2002-12-17 Nextgenid, Ltd. Distributed biometric access control apparatus and method
DE10246664A1 (de) * 2002-10-07 2004-04-15 Dorma Gmbh + Co. Kg Zutrittskontrolleinheit und Verfahren zum Betrieb einer solchen Zutrittskontrolleinheit

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1984002786A1 (fr) * 1983-01-10 1984-07-19 Figgie Int Inc Lecteur de carte ameliore pour systeme de securite
EP0990756A2 (fr) * 1998-09-28 2000-04-05 Anatoli Stobbe Système de commande d'accès
US6972660B1 (en) * 2002-05-15 2005-12-06 Lifecardid, Inc. System and method for using biometric data for providing identification, security, access and access records

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009059595A1 (fr) * 2007-11-08 2009-05-14 Byometric Systems Ag Procédé et unité de commande pour identifier des personnes autorisées
WO2011161589A1 (fr) * 2010-06-21 2011-12-29 Telefonaktiebolaget L M Ericsson (Publ) Système et procédé pour la gestion d'informations d'identification personnelles
US8458779B2 (en) 2010-06-21 2013-06-04 Telefonaktiebolaget L M Ericsson (Publ) System and method for handling personal identification information
WO2013155237A1 (fr) * 2012-04-11 2013-10-17 Utc Fire & Security Corporation Rapport de mode d'authentification
CN104380351A (zh) * 2012-04-11 2015-02-25 Utc消防及保安公司 验证模式报告
EP3486877A1 (fr) * 2017-11-21 2019-05-22 Pascom Kommunikationssysteme GmbH Système d'autorisation

Also Published As

Publication number Publication date
AT503783A1 (de) 2007-12-15
AT503783B1 (de) 2009-02-15
EP1821262A3 (fr) 2008-05-21

Similar Documents

Publication Publication Date Title
EP2691940B1 (fr) Gestion de droits d'accès à des données de fonctionnement et/ou de commande de bâtiments ou complexes de bâtiments
EP3103057B1 (fr) Procédé d'accès à une baie physiquement sécurisée ainsi qu'infrastructure informatique
EP2595341B1 (fr) Gestion des droits d'utilisateurs et système de contrôle d'accès avec restriction de durée
EP3582033B1 (fr) Procédé de fonctionnement securisé d'un appareil de terrain
DE102020133597A1 (de) Personalprofile und fingerabdruckauthentifizierung für configuration engineering- und laufzeitanwendungen
EP3729385B1 (fr) Système de contrôle d'accès à fonction d'authentification radio et de saisie du mot de passe
CN108122313A (zh) 一种基于虹膜识别的双员认证门禁系统
EP3471068A1 (fr) Système distribué de génération des données à caractère personnel, procédé et produit programme informatique
EP3596709A1 (fr) Procédé de contrôle d'accès
EP1321901B1 (fr) Méthode pour contrôler les droits d'accès à un objet
AT503783B1 (de) System zur kontrolle von berechtigungen von personen, zu autorisierende tätigkeiten durchzuführen
EP3009992B1 (fr) Procede et dispositif de gestion d'autorisations d'acces
DE102010010760A1 (de) Verfahren zur Vergabe eines Schlüssels an ein einem drahtlosen Sensor-Aktor-Netz neu hinzuzufügendes Teilnehmergerät
EP2639729A2 (fr) Système de commande d'accès automatique pour la commande de l'accès à un objet physique et procédé
DE102010031932A1 (de) Verfahren zur Zugangskontrolle und entsprechende Vorrichtung
EP1828993A1 (fr) Installation de contrôle d'accès munie de plusieurs dispositifs de fermeture
EP3314844B1 (fr) Dispositif de traitement de données et procédé de fonctionnement dudit dispositif de traitement de données
WO2003023722A2 (fr) Procede de controle d'autorisation d'acces
DE102017123671B4 (de) System und Verfahren zum Verwalten von personenbezogenen Daten
AT502458B1 (de) Zutrittskontrollanlage
DE102006048186A1 (de) Verwaltung von Zugangsberechtigungen von Personen zu Räumlichkeiten von Gebäuden
EP3968188A1 (fr) Procédé de mise hors ou en tension sécurisée d'une installation
AT410489B (de) Anordnung zum überprüfen der benutzungsberechtigung für durch benutzerkennungen gesicherte einrichtungen
DE10129551B4 (de) Sichere mehrseitige Authentifikation von Geräten
EP1657661A2 (fr) Procédé destiné au contrôle des autorisations d'accés utilisateurs des fournisseurs de données sur Internet et autres réseaux d'équipements pour traitement de données

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK YU

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

RIC1 Information provided on ipc code assigned before grant

Ipc: G07C 1/10 20060101ALI20080417BHEP

Ipc: G07C 9/00 20060101AFI20070515BHEP

AKX Designation fees paid
REG Reference to a national code

Ref country code: DE

Ref legal event code: 8566

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20081122