EP3147870A1 - Control panel for physical access control - Google Patents
Control panel for physical access control Download PDFInfo
- Publication number
- EP3147870A1 EP3147870A1 EP15187165.4A EP15187165A EP3147870A1 EP 3147870 A1 EP3147870 A1 EP 3147870A1 EP 15187165 A EP15187165 A EP 15187165A EP 3147870 A1 EP3147870 A1 EP 3147870A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- control panel
- mainboard
- baseboard
- processing unit
- central processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00412—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00944—Details of construction or manufacture
Definitions
- the invention pertains to the field of security engineering, particularly physical security.
- physical security describes any security measure that is designed to protect personnel or property from damage or harm. More specifically, access control is the selective restriction of access to facilities, equipment, and other physical resources. State-of-the-art electronic access control systems manage large user populations, controlling for user lifecycles times, dates, and individual access points.
- control panel any electronics panel that can interface with or control access to control system field devices such as credential readers, electrified locks, door position switches, and request-to-exit devices.
- credential readers such as credential readers, electrified locks, door position switches, and request-to-exit devices.
- An overview of such panels and associated networks is provided in NORMAN, Thomas L.Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p.221-239 .
- a system for physical access control is disclosed in US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 and includes, inter alia, a conventional control panel.
- the invention aims to provide an improved panel for physical access control.
- Any control panel according to Claim 1 bears the advantage that keys and particulars may be stored cryptographically secure.
- key material may be bound to the secure hardware of the main device in a non-exportable fashion, mitigating the risk of keys being extracting and protecting the latter from unauthorized use.
- a control panel according to Claim 2 proves scalable for a wide variety of deployment scenarios.
- Claim 3 allow for even improved protective mechanisms using configurable event triggers that facilitate a partial or complete auto-purge of the panel's internal database in case of tampering. This way, a potential attacker may be denied access to any data worthy of protection.
- the subject-matter of Claim 4 implements a concept of high serviceability: Pertinent data such as assigned bus addresses are routinely mirrored between the main device and add-on module. Such added redundancy allows for the unskilled service technician to replace either component as required, causing the substitute device to import its complete configuration from the senior peer.
- An embodiment according to Claim 5 allows for legacy front ends such as various magnetic contacts, locks, and release buzzers to be controlled.
- Claim 6 permit a single cable to provide both data connection and electrical power to the control panel and add-on module or modules.
- Claim 7 defines a control panel that may be conveniently mounted inside an equipment rack shared with circuit breakers and other industrial control equipment.
- the control panel may support a regular wall mount.
- the variant of Claim 8 takes account of the fact that off-the-shelf radio-frequency identification (RFID) readers are delivered with factory default settings. Such third-party devices are typically prepared to be configured by means of an RFID card, mobile handhelds, or radio USB dongles, often in conjunction with proprietary software accompanying the product. For these types of generic readers, the claimed subject matter permits the control panel to imitate an RFID tag upon interrogation, thus also eliminating the risk of losing or misplacing the physical configuration card.
- RFID radio-frequency identification
- a control panel according to Claim 9 offers a most versatile user interface for stand-alone operation.
- An embodiment according to Claim 12 fulfils the most critical prerequisites for installing an advanced mobile operating system such as Android 4.4 or later. Though its widespread popularity, use of the Android operating system prepares the control panel for the use of numerous libraries and application programming interfaces (APIs) that mitigate hardware integration effort and risk of functional defects such as in the panel's firmware.
- APIs application programming interfaces
- Claim 13 enable a local web service to be used as a communication handler, offering various standard protocols for communicating with arbitrary host systems. Also, by maintaining an additional local web server, any functional parameters required for operating the panel may be accessed through the device's configuration homepage.
- Claim 14 defines a control panel that meets the Common Criteria for an at least semi-formally designed and tested target of evaluation (EAL5+), thus qualifying the device for a high level of independently assured security.
- EAL5+ at least semi-formally designed and tested target of evaluation
- control panel according to Claim 15 is prepared for data privacy protection as may be required by national regulations such as the German Federal Data Protection Act or United States Privacy Act.
- FIG. 1 is an overview of a control panel (10) for physical access control according to an embodiment of the invention.
- the control panel (10) is composed of a main device (11), which serves to control an arbitrary number of conventional front ends (not depicted), and an add-on module (17), which basically serves to adapted a limited number of those front ends to the main device (11).
- the main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall.
- the main device (11) essentially consists of a generic first baseboard (18), an application-specific mainboard (12) carried by the first baseboard (18), and a user interface (13) connected to the mainboard (12), the user interface (13) of the present embodiment comprising light-emitting diodes (35), buttons (36), and an optional liquid-crystal display (37).
- the add-on module (17) comprises a second baseboard (19), the mainboard (12) and second baseboard (19) each being connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
- the mainboard (12) comprises a quad-core central processing unit (14) based on a reduced instruction-set computing (RISC) architecture, 1 GB of random-access memory (42) connected to the central processing unit (14) through a memory bus (43), and an additional 8 GB of flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data.
- the mainboard (12) based on the aforementioned specifications, is prepared to operate an Android system - as maintained by Google Inc. -, manage its data using a relational database management system (RDBMS), and even host a web service for configuring the access profiles through a host, web browser, or application-specific client.
- RDBMS relational database management system
- the mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, which in the present embodiment are used both to authenticate the control panel (10) to its front ends as well as to encrypt the transactional data stored in flash memory (15).
- the secure element (16, 44) takes the form of an integrated circuit (16) brazed to the mainboard (12).
- a trusted platform module (TPM) microcontroller as specified in ISO/IEC 11889 offers a particularly powerful cryptoprocessor.
- an alternative may make use of an optional subscriber identity module (44) as defined by the 3 rd Generation Partnership Project (3GPP).
- the subscriber identity module (44) may take the form of a Java Card as specified by Oracle Corporation.
- the module (44) may be based on the Java Card OpenPlatform (JCOP) serviced by NXP Semiconductors, include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension.
- JCOP Java Card OpenPlatform
- NXP Semiconductors include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension.
- Corresponding contactless services are specified by Amendment C to the GlobalPlatform (GP) 2.2.1 architectural component of the JCOP.
- the mainboard (12) further comprises, inter alia, an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31), a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39), and an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20).
- an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31)
- a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39)
- an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20).
- the low-energy Bluetooth module (40) supports the iBeacon protocol standardized by Apple Inc., taking the form of a so-called beacon.
- the mainboard (12) may be adapted to broadcast its identifier to nearby portable electronic devices such as smartphones and tablets. Using a compatible app and operating system, maintenance personnel can thus be guided indoors to the approximate location of a specific control panel (10).
- Figure 3 depicts the first baseboard (18). Aside from a power converter (32) feeding the power supply (21, 33) and sourcing its power over Ethernet (34), the first baseboard (18) most notably comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23).
- the tamper detector (22) serves a two-fold purpose: While physical intrusion into the main device (11) will trigger a first type of event, an integrated absolute position transducer and acceleration sensor will trigger a second type event. Such discrimination enables the security administrator to configure a distinct action to be performed in response to each of the two events.
- the second baseboard (19) for each of its attachable front ends, comprises an RS-485 transceiver (25) - connected to the first baseboard (18) through a serial network bus (26) - as well as two air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29).
- the invention is applicable throughout the security industry.
Abstract
Description
- The invention pertains to the field of security engineering, particularly physical security.
- Throughout the above-mentioned field, physical security describes any security measure that is designed to protect personnel or property from damage or harm. More specifically, access control is the selective restriction of access to facilities, equipment, and other physical resources. State-of-the-art electronic access control systems manage large user populations, controlling for user lifecycles times, dates, and individual access points.
- In this context, by "control panel" is meant any electronics panel that can interface with or control access to control system field devices such as credential readers, electrified locks, door position switches, and request-to-exit devices. An overview of such panels and associated networks is provided in NORMAN, Thomas L.Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p.221-239.
- A system for physical access control is disclosed in
US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 and includes, inter alia, a conventional control panel. - The invention aims to provide an improved panel for physical access control.
- A downside of conventional control panels lies in their sometimes inadequate level of security.
- The problem is solved by the feature recited in Claim 1.
- Any control panel according to Claim 1 bears the advantage that keys and particulars may be stored cryptographically secure. To this end, key material may be bound to the secure hardware of the main device in a non-exportable fashion, mitigating the risk of keys being extracting and protecting the latter from unauthorized use.
- By integrating a functional module that may be dimensioned for the use case and peripherals at hand, a control panel according to Claim 2 proves scalable for a wide variety of deployment scenarios.
- The features recited in Claim 3 allow for even improved protective mechanisms using configurable event triggers that facilitate a partial or complete auto-purge of the panel's internal database in case of tampering. This way, a potential attacker may be denied access to any data worthy of protection.
- The subject-matter of Claim 4 implements a concept of high serviceability: Pertinent data such as assigned bus addresses are routinely mirrored between the main device and add-on module. Such added redundancy allows for the unskilled service technician to replace either component as required, causing the substitute device to import its complete configuration from the senior peer.
- An embodiment according to Claim 5 allows for legacy front ends such as various magnetic contacts, locks, and release buzzers to be controlled.
- The added features of Claim 6 permit a single cable to provide both data connection and electrical power to the control panel and add-on module or modules.
- Claim 7 defines a control panel that may be conveniently mounted inside an equipment rack shared with circuit breakers and other industrial control equipment. As an alternative, the control panel may support a regular wall mount.
- The variant of Claim 8 takes account of the fact that off-the-shelf radio-frequency identification (RFID) readers are delivered with factory default settings. Such third-party devices are typically prepared to be configured by means of an RFID card, mobile handhelds, or radio USB dongles, often in conjunction with proprietary software accompanying the product. For these types of generic readers, the claimed subject matter permits the control panel to imitate an RFID tag upon interrogation, thus also eliminating the risk of losing or misplacing the physical configuration card.
- A control panel according to Claim 9 offers a most versatile user interface for stand-alone operation.
- The features recited in
Claim 10 andClaim 11, respectively, let users of a corresponding control panel choose between various stationary and mobile configuration scenarios. For instance, assuming a user has been assigned the role of a security administrator, her Bluetooth-enabled portable device - referenced by unique identification - may be authorized to connect to the control panel peer-to-peer, allowing her to customize the control panel on site. - An embodiment according to Claim 12 fulfils the most critical prerequisites for installing an advanced mobile operating system such as Android 4.4 or later. Though its widespread popularity, use of the Android operating system prepares the control panel for the use of numerous libraries and application programming interfaces (APIs) that mitigate hardware integration effort and risk of functional defects such as in the panel's firmware.
- The added features of
Claim 13 enable a local web service to be used as a communication handler, offering various standard protocols for communicating with arbitrary host systems. Also, by maintaining an additional local web server, any functional parameters required for operating the panel may be accessed through the device's configuration homepage. -
Claim 14 defines a control panel that meets the Common Criteria for an at least semi-formally designed and tested target of evaluation (EAL5+), thus qualifying the device for a high level of independently assured security. - Lastly, a control panel according to
Claim 15, assuming the use of a sufficient key length, is prepared for data privacy protection as may be required by national regulations such as the German Federal Data Protection Act or United States Privacy Act. -
-
Figure 1 is a block diagram of a control panel according to the invention. -
Figure 2 is a block diagram of a mainboard. -
Figure 3 is a block diagram of a first baseboard. -
Figure 4 is a block diagram of a second baseboard. -
Figure 1 is an overview of a control panel (10) for physical access control according to an embodiment of the invention. In this embodiment, the control panel (10) is composed of a main device (11), which serves to control an arbitrary number of conventional front ends (not depicted), and an add-on module (17), which basically serves to adapted a limited number of those front ends to the main device (11). Physically, the main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall. - The main device (11) essentially consists of a generic first baseboard (18), an application-specific mainboard (12) carried by the first baseboard (18), and a user interface (13) connected to the mainboard (12), the user interface (13) of the present embodiment comprising light-emitting diodes (35), buttons (36), and an optional liquid-crystal display (37). The add-on module (17) comprises a second baseboard (19), the mainboard (12) and second baseboard (19) each being connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
-
Figure 2 elucidates the mainboard (12) in further detail. As may be gathered from this drawing, the mainboard (12) comprises a quad-core central processing unit (14) based on a reduced instruction-set computing (RISC) architecture, 1 GB of random-access memory (42) connected to the central processing unit (14) through a memory bus (43), and an additional 8 GB of flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data. The mainboard (12), based on the aforementioned specifications, is prepared to operate an Android system - as maintained by Google Inc. -, manage its data using a relational database management system (RDBMS), and even host a web service for configuring the access profiles through a host, web browser, or application-specific client. - As an essential element of the invention, the mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, which in the present embodiment are used both to authenticate the control panel (10) to its front ends as well as to encrypt the transactional data stored in flash memory (15). On the mainboard (12) at hand, the secure element (16, 44) takes the form of an integrated circuit (16) brazed to the mainboard (12). Specifically, a trusted platform module (TPM) microcontroller as specified in ISO/IEC 11889 offers a particularly powerful cryptoprocessor. However, an alternative may make use of an optional subscriber identity module (44) as defined by the 3rd Generation Partnership Project (3GPP).
- In a preferred embodiment, the subscriber identity module (44) may take the form of a Java Card as specified by Oracle Corporation. Specifically, the module (44) may be based on the Java Card OpenPlatform (JCOP) serviced by NXP Semiconductors, include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension. Corresponding contactless services are specified by Amendment C to the GlobalPlatform (GP) 2.2.1 architectural component of the JCOP.
- The mainboard (12) further comprises, inter alia, an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31), a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39), and an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20).
- Preferably, the low-energy Bluetooth module (40) supports the iBeacon protocol standardized by Apple Inc., taking the form of a so-called beacon. Based on such transmitter, the mainboard (12) may be adapted to broadcast its identifier to nearby portable electronic devices such as smartphones and tablets. Using a compatible app and operating system, maintenance personnel can thus be guided indoors to the approximate location of a specific control panel (10).
-
Figure 3 depicts the first baseboard (18). Aside from a power converter (32) feeding the power supply (21, 33) and sourcing its power over Ethernet (34), the first baseboard (18) most notably comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23). In the present embodiment, the tamper detector (22) serves a two-fold purpose: While physical intrusion into the main device (11) will trigger a first type of event, an integrated absolute position transducer and acceleration sensor will trigger a second type event. Such discrimination enables the security administrator to configure a distinct action to be performed in response to each of the two events. - Similarly, now referencing
Figure 4 , the second baseboard (19), for each of its attachable front ends, comprises an RS-485 transceiver (25) - connected to the first baseboard (18) through a serial network bus (26) - as well as two air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29). - First and foremost, the invention is applicable throughout the security industry.
- Similar reference signs denote corresponding features consistently throughout the attached drawings:
- 10
- Control panel
- 11
- Main device
- 12
- Mainboard
- 13
- User interface
- 14
- Central processing unit (CPU)
- 15
- Flash memory
- 16
- Secure element (brazed)
- 17
- Add-on module
- 18
- First baseboard
- 19
- Second baseboard
- 20
- Interface
- 21
- Internal system supply
- 22
- Tamper detector
- 23
- General-purpose input/output
- 24
- For each front end
- 25
- RS-485 transceiver and termination
- 26
- Universal serial bus
- 27
- First air-gap switch
- 28
- Second air-gap switch
- 29
- Inter-integrated circuit (I2C)
- 30
- Ethernet physical transceiver (PHY)
- 31
- Media-independent interface
- 32
- DC/DC power converter
- 33
- Supply for reader, door opener and add-on modules
- 34
- Power over Ethernet plus (PoE+)
- 35
- Light-emitting diode (LED)
- 36
- Button
- 37
- Liquid-crystal display (LCD)
- 38
- Short-range radio frequency (RF) module
- 39
- Universal asynchronous receiver/transmitter (UART)
- 40
- Wireless-fidelity (Wi-Fi) module
- 41
- Secure digital input/output (SDIO)
- 42
- DDR3 random-access memory (RAM)
- 43
- DDR3 memory bus
- 44
- Subscriber identity module (SIM)
- 45
- Module bus connector
- The following literature is cited throughout this document.
-
US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 - NORMAN, Thomas L.Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p.221-239.
Claims (15)
- Control panel (10) for physical access control,
comprising a main device (11) comprising
a mainboard (12) for controlling front ends connected to the control panel (10) and a user interface (13) connected to the mainboard (12) for operating the control panel (10),
wherein the mainboard (12) comprises a central processing unit (14) and flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data,
characterized in that
the mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, wherein the mainboard (12) is adapted to control the front ends securely using the cryptographic keys. - Control panel (10) according to Claim 1,
characterized in
an add-on module (17) for connecting the front ends to the main device (11), wherein the main device (11) further comprises a first baseboard (18), the add-on module (17) comprises a second baseboard (19), and the mainboard (12) and second baseboard (19) are each connected to the first baseboard (18) through an interface (20) and a power supply (21, 33). - Control panel (10) according to Claim 2,
characterized in that
at least the first baseboard (18) comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23). - Control panel (10) according to Claim 2 or Claim 3,
characterized in that,
for each front end (24), the second baseboard (19) comprises an RS-485 transceiver (25) connected to the first baseboard (18) through a serial network bus (26). - Control panel (10) according to any of Claim 2 to Claim 4,
characterized in that
for each front end (24), the second baseboard (19) comprises air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29). - Control panel (10) according to any of Claim 2 to Claim 5,
characterized in that
the mainboard (12) further comprises an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31),
the first baseboard (18) comprises at least one power converter (32) connected to the power supply (21, 33), and
the power supply (21, 33) is adapted to source power over Ethernet (34) through the power converter (32). - Control panel (10) according to any of Claim 2 to Claim 6,
characterized in that
the main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall. - Control panel (10) according to any of the preceding claims,
characterized in that
the control panel (10) comprises an antenna module for emulating a radio-frequency identification card. - Control panel (10) according to any of the preceding claims,
characterized in that
the user interface (13) comprises light-emitting diodes (35), buttons (36), and preferably a liquid-crystal display (37). - Control panel (10) according to any of the preceding claims,
characterized in that
the mainboard (12) further comprises a
short-range radio frequency module (38) connected to the central processing unit (14) through a
universal asynchronous receiver/transmitter (39) and an embedded Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41). - Control panel (10) according to Claim 10,
characterized in that
the Wi-Fi module (40) is adapted to support a personal-area network, preferably Bluetooth. - Control panel (10) according to any of the preceding claims,
characterized in that
the central processing unit (14) is based on a reduced instruction-set computing architecture and
the mainboard (12) further comprises random-access memory (42) connected to the central processing unit (14) through a memory bus (43). - Control panel (10) according to Claim 12,
characterized in that
the mainboard (12) is further adapted to host a web service for configuring the access profiles using the cryptographic keys. - Control panel (10) according to any of the preceding claims,
characterized in that
the secure element (16, 44) takes the form of a subscriber identity module (44) or an integrated circuit (16) brazed to the mainboard (12). - Control panel (10) according to any of the preceding claims,
characterized in that
the mainboard (12) is further adapted to encrypt the transactional data using the cryptographic keys.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15187165.4A EP3147870A1 (en) | 2015-09-28 | 2015-09-28 | Control panel for physical access control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15187165.4A EP3147870A1 (en) | 2015-09-28 | 2015-09-28 | Control panel for physical access control |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3147870A1 true EP3147870A1 (en) | 2017-03-29 |
Family
ID=54252020
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP15187165.4A Withdrawn EP3147870A1 (en) | 2015-09-28 | 2015-09-28 | Control panel for physical access control |
Country Status (1)
Country | Link |
---|---|
EP (1) | EP3147870A1 (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002005220A1 (en) * | 2000-07-12 | 2002-01-17 | Network Systems Group Limited | Integrated telephone/proximity access control system |
US20110140837A1 (en) * | 2011-02-22 | 2011-06-16 | Tiffany Cassandra-Do Lam | Universal security access control |
US20130287211A1 (en) * | 2010-11-03 | 2013-10-31 | Gemalto Sa | System for accessing a service and corresponding portable device and method |
US20140250956A1 (en) * | 2013-03-11 | 2014-09-11 | Kwikset Corporation | Electronic deadbolt |
US8881252B2 (en) | 2013-03-14 | 2014-11-04 | Brivo Systems, Inc. | System and method for physical access control |
US20150170449A1 (en) * | 2005-02-04 | 2015-06-18 | Edmonds H. Chandler, Jr. | Method and apparatus for a merged power-communication cable in door security environment |
-
2015
- 2015-09-28 EP EP15187165.4A patent/EP3147870A1/en not_active Withdrawn
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002005220A1 (en) * | 2000-07-12 | 2002-01-17 | Network Systems Group Limited | Integrated telephone/proximity access control system |
US20150170449A1 (en) * | 2005-02-04 | 2015-06-18 | Edmonds H. Chandler, Jr. | Method and apparatus for a merged power-communication cable in door security environment |
US20130287211A1 (en) * | 2010-11-03 | 2013-10-31 | Gemalto Sa | System for accessing a service and corresponding portable device and method |
US20110140837A1 (en) * | 2011-02-22 | 2011-06-16 | Tiffany Cassandra-Do Lam | Universal security access control |
US20140250956A1 (en) * | 2013-03-11 | 2014-09-11 | Kwikset Corporation | Electronic deadbolt |
US8881252B2 (en) | 2013-03-14 | 2014-11-04 | Brivo Systems, Inc. | System and method for physical access control |
Non-Patent Citations (1)
Title |
---|
NORMAN, THOMAS L.: "Electronic Access Control.", 2012, BUTTERWORTH-HEINEMANN, pages: 221 - 239 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9563794B2 (en) | Method for upgrading RFID readers in situ | |
CN104050510A (en) | Intelligent room reservation system based on mobile terminal | |
GB2516686A (en) | Communication method and system | |
CN102831721A (en) | Intelligent safe deposit box system and control method | |
CN105592403B (en) | NFC-based communication device and method | |
CN105046775A (en) | Device for unlocking time domain two-dimension code | |
CN203191973U (en) | Electronic device with dual systems | |
WO2015045345A1 (en) | Communication apparatus, setting program, and distribution switchboard incorporating communication apparatus | |
GB2533675A (en) | Communication method and system | |
CN111599042A (en) | Unlocking method, self-service storage device, terminal equipment, server and system | |
US10075435B1 (en) | Device deregistration using forward-chaining encryption | |
AU2021273648B2 (en) | Multi-use near field communication front end on a point of sale system | |
EP3182384B2 (en) | Improved physical access control system | |
KR101495884B1 (en) | Apparatus and method for managing asset using one-chip using including wifi module, bluetooth moduel and nfc tag | |
EP3147870A1 (en) | Control panel for physical access control | |
CN204904393U (en) | Time domain two -dimensional code unlocking device | |
US9582684B2 (en) | Method for configuring an application for an end device | |
CN204216909U (en) | Special service system information safety device | |
EP3561666B1 (en) | Mobile device with access rights management | |
US20200234264A1 (en) | Multi-use near field communication front end on a point of sale system | |
KR20190017041A (en) | How to manage security elements | |
US9489668B2 (en) | Electronic payment device | |
KR20140021331A (en) | Digital protective relay and power meter | |
EP3591902A1 (en) | Mobile device showing plant view and dashboard | |
CN204360446U (en) | A kind of Fingerprint Lock transponder |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20170829 |
|
RAV | Requested validation state of the european patent: fee paid |
Extension state: MA Effective date: 20170829 |
|
RAX | Requested extension states of the european patent have changed |
Extension state: BA Payment date: 20170829 Extension state: ME Payment date: 20170829 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
19U | Interruption of proceedings before grant |
Effective date: 20191230 |
|
19W | Proceedings resumed before grant after interruption of proceedings |
Effective date: 20200901 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: XCCELO SYSTEMS GMBH |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20210401 |