EP3147870A1 - Control panel for physical access control - Google Patents


Publication number
EP3147870A1
Authority
EP
European Patent Office
Prior art keywords
control panel
mainboard
baseboard
processing unit
central processing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15187165.4A
Other languages
German (de)
French (fr)
Inventor
Jochen Becker
Dietmar Zappel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xccelo Systems GmbH
Original Assignee
Ileso Engineering GmbH
Ileso Eng GmbH
Application filed by Ileso Engineering GmbH, Ileso Eng GmbH
Priority to EP15187165.4A
Publication of EP3147870A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • G07C2009/00753 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C9/00944 Details of construction or manufacture

Abstract

Problem
A downside of conventional control panels lies in their sometimes inadequate level of security.
Solution
The problem is solved by a control panel (10) for physical access control, comprising a main device (11) comprising a mainboard (12) for controlling front ends connected to the control panel (10) and a user interface (13) connected to the mainboard (12) for operating the control panel (10), wherein the mainboard (12) comprises a central processing unit, flash memory connected to the central processing unit for storing access profiles and transactional data, and a secure element connected to the central processing unit for storing cryptographic keys, wherein the mainboard (12) is adapted to control the front ends securely using the cryptographic keys.

Description

    Technical Field
  • The invention pertains to the field of security engineering, particularly physical security.
    Background Art
  • Throughout the above-mentioned field, physical security describes any security measure that is designed to protect personnel or property from damage or harm. More specifically, access control is the selective restriction of access to facilities, equipment, and other physical resources. State-of-the-art electronic access control systems manage large user populations, controlling for user lifecycles, times, dates, and individual access points.
  • In this context, by "control panel" is meant any electronics panel that can interface with or control access to control system field devices such as credential readers, electrified locks, door position switches, and request-to-exit devices. An overview of such panels and associated networks is provided in NORMAN, Thomas L. Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p.221-239.
  • A system for physical access control is disclosed in US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 and includes, inter alia, a conventional control panel.
    Summary of invention
  • The invention aims to provide an improved panel for physical access control.
    Technical Problem
  • A downside of conventional control panels lies in their sometimes inadequate level of security.
    Solution to Problem
  • The problem is solved by the feature recited in Claim 1.
    Advantageous effect of invention
  • Any control panel according to Claim 1 bears the advantage that keys and particulars may be stored in a cryptographically secure manner. To this end, key material may be bound to the secure hardware of the main device in a non-exportable fashion, mitigating the risk of keys being extracted and protecting the latter from unauthorized use.
  • By integrating a functional module that may be dimensioned for the use case and peripherals at hand, a control panel according to Claim 2 proves scalable for a wide variety of deployment scenarios.
  • The features recited in Claim 3 allow for further improved protective mechanisms using configurable event triggers that facilitate a partial or complete auto-purge of the panel's internal database in case of tampering. This way, a potential attacker may be denied access to any data worthy of protection.
  • The subject-matter of Claim 4 implements a concept of high serviceability: Pertinent data such as assigned bus addresses are routinely mirrored between the main device and add-on module. Such added redundancy allows for the unskilled service technician to replace either component as required, causing the substitute device to import its complete configuration from the senior peer.
  • An embodiment according to Claim 5 allows for legacy front ends such as various magnetic contacts, locks, and release buzzers to be controlled.
  • The added features of Claim 6 permit a single cable to provide both data connection and electrical power to the control panel and add-on module or modules.
  • Claim 7 defines a control panel that may be conveniently mounted inside an equipment rack shared with circuit breakers and other industrial control equipment. As an alternative, the control panel may support a regular wall mount.
  • The variant of Claim 8 takes account of the fact that off-the-shelf radio-frequency identification (RFID) readers are delivered with factory default settings. Such third-party devices are typically prepared to be configured by means of an RFID card, mobile handhelds, or radio USB dongles, often in conjunction with proprietary software accompanying the product. For these types of generic readers, the claimed subject matter permits the control panel to imitate an RFID tag upon interrogation, thus also eliminating the risk of losing or misplacing the physical configuration card.
  • A control panel according to Claim 9 offers a most versatile user interface for stand-alone operation.
  • The features recited in Claim 10 and Claim 11, respectively, let users of a corresponding control panel choose between various stationary and mobile configuration scenarios. For instance, assuming a user has been assigned the role of a security administrator, her Bluetooth-enabled portable device - referenced by unique identification - may be authorized to connect to the control panel peer-to-peer, allowing her to customize the control panel on site.
  • An embodiment according to Claim 12 fulfils the most critical prerequisites for installing an advanced mobile operating system such as Android 4.4 or later. Through its widespread popularity, use of the Android operating system prepares the control panel for the use of numerous libraries and application programming interfaces (APIs) that mitigate hardware integration effort and risk of functional defects such as in the panel's firmware.
  • The added features of Claim 13 enable a local web service to be used as a communication handler, offering various standard protocols for communicating with arbitrary host systems. Also, by maintaining an additional local web server, any functional parameters required for operating the panel may be accessed through the device's configuration homepage.
  • Claim 14 defines a control panel that meets the Common Criteria for an at least semi-formally designed and tested target of evaluation (EAL5+), thus qualifying the device for a high level of independently assured security.
  • Lastly, a control panel according to Claim 15, assuming the use of a sufficient key length, is prepared for data privacy protection as may be required by national regulations such as the German Federal Data Protection Act or United States Privacy Act.
    Brief description of drawings
    • Figure 1 is a block diagram of a control panel according to the invention.
    • Figure 2 is a block diagram of a mainboard.
    • Figure 3 is a block diagram of a first baseboard.
    • Figure 4 is a block diagram of a second baseboard.
    Description of embodiments
  • Figure 1 is an overview of a control panel (10) for physical access control according to an embodiment of the invention. In this embodiment, the control panel (10) is composed of a main device (11), which serves to control an arbitrary number of conventional front ends (not depicted), and an add-on module (17), which basically serves to adapt a limited number of those front ends to the main device (11). Physically, the main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall.
  • The main device (11) essentially consists of a generic first baseboard (18), an application-specific mainboard (12) carried by the first baseboard (18), and a user interface (13) connected to the mainboard (12), the user interface (13) of the present embodiment comprising light-emitting diodes (35), buttons (36), and an optional liquid-crystal display (37). The add-on module (17) comprises a second baseboard (19), the mainboard (12) and second baseboard (19) each being connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
  • Figure 2 elucidates the mainboard (12) in further detail. As may be gathered from this drawing, the mainboard (12) comprises a quad-core central processing unit (14) based on a reduced instruction-set computing (RISC) architecture, 1 GB of random-access memory (42) connected to the central processing unit (14) through a memory bus (43), and an additional 8 GB of flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data. The mainboard (12), based on the aforementioned specifications, is prepared to operate an Android system - as maintained by Google Inc. -, manage its data using a relational database management system (RDBMS), and even host a web service for configuring the access profiles through a host, web browser, or application-specific client.
  • As an essential element of the invention, the mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, which in the present embodiment are used both to authenticate the control panel (10) to its front ends as well as to encrypt the transactional data stored in flash memory (15). On the mainboard (12) at hand, the secure element (16, 44) takes the form of an integrated circuit (16) brazed to the mainboard (12). Specifically, a trusted platform module (TPM) microcontroller as specified in ISO/IEC 11889 offers a particularly powerful cryptoprocessor. However, an alternative may make use of an optional subscriber identity module (44) as defined by the 3rd Generation Partnership Project (3GPP).
  • In a preferred embodiment, the subscriber identity module (44) may take the form of a Java Card as specified by Oracle Corporation. Specifically, the module (44) may be based on the Java Card OpenPlatform (JCOP) serviced by NXP Semiconductors, include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension. Corresponding contactless services are specified by Amendment C to the GlobalPlatform (GP) 2.2.1 architectural component of the JCOP.
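The key handling described above (keys bound to the secure element and used to authenticate the control panel to its front ends) can be illustrated with a challenge-response exchange; this is an added example, not code from the application, which specifies no protocol. It assumes HMAC-SHA-256 as the primitive and per-reader key diversification, and the names `SecureElement`, `Reader` and `authenticate` are hypothetical.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Models the interface of a non-exportable key store (assumption: a
    real secure element enforces this in hardware, not by convention)."""

    def __init__(self, master_key: bytes):
        self.__master = master_key  # never returned by any method

    def _diversified(self, reader_id: bytes) -> bytes:
        # Per-reader key derived from the master key, so a compromised
        # reader exposes only its own key, never the master.
        return hmac.new(self.__master, b"reader-auth|" + reader_id,
                        hashlib.sha256).digest()

    def provision(self, reader_id: bytes) -> bytes:
        """Run once at enrollment: hand the reader its diversified key."""
        return self._diversified(reader_id)

    def respond(self, reader_id: bytes, challenge: bytes) -> bytes:
        """Panel side: MAC the reader's nonce inside the secure element."""
        return hmac.new(self._diversified(reader_id), challenge,
                        hashlib.sha256).digest()


class Reader:
    """Front end that checks it is talking to the genuine panel."""

    def __init__(self, reader_id: bytes, key: bytes):
        self.reader_id = reader_id
        self._key = key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh nonce per attempt
        return self._pending

    def verify(self, response: bytes) -> bool:
        nonce, self._pending = self._pending, None  # a nonce is single-use
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time


def authenticate(se: SecureElement, reader: Reader) -> bool:
    """One round: reader sends a nonce, panel answers, reader verifies."""
    nonce = reader.challenge()
    return reader.verify(se.respond(reader.reader_id, nonce))


if __name__ == "__main__":
    # Constructed sample keys and reader identifier.
    panel = SecureElement(secrets.token_bytes(32))
    clone = SecureElement(secrets.token_bytes(32))
    door = Reader(b"door-1", panel.provision(b"door-1"))
    print("genuine panel:", authenticate(panel, door))
    print("cloned panel: ", authenticate(clone, door))
```

Non-exportability keeps the key from being copied, but software running on the central processing unit can still ask the element to answer challenges for as long as it has access to it.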
  • The mainboard (12) further comprises, inter alia, an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31), a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39), and an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20).
  • Preferably, the low-energy Bluetooth module (40) supports the iBeacon protocol standardized by Apple Inc., taking the form of a so-called beacon. Based on such transmitter, the mainboard (12) may be adapted to broadcast its identifier to nearby portable electronic devices such as smartphones and tablets. Using a compatible app and operating system, maintenance personnel can thus be guided indoors to the approximate location of a specific control panel (10).
  • Figure 3 depicts the first baseboard (18). Aside from a power converter (32) feeding the power supply (21, 33) and sourcing its power over Ethernet (34), the first baseboard (18) most notably comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23). In the present embodiment, the tamper detector (22) serves a two-fold purpose: While physical intrusion into the main device (11) will trigger a first type of event, an integrated absolute position transducer and acceleration sensor will trigger a second type of event. Such discrimination enables the security administrator to configure a distinct action to be performed in response to each of the two events.
  • Similarly, now referencing Figure 4, the second baseboard (19), for each of its attachable front ends, comprises an RS-485 transceiver (25) - connected to the first baseboard (18) through a serial network bus (26) - as well as two air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29).
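The two tamper event types of Figure 3 and the configurable partial or complete auto-purge can be sketched as a small policy over a relational database; this is an added example, not code from the application. The table layout, the action names, the fail-closed default and the use of SQLite are assumptions made for illustration.

```python
import sqlite3
from enum import Enum


class TamperEvent(Enum):
    ENCLOSURE_OPENED = "enclosure_opened"  # first type: physical intrusion
    DEVICE_MOVED = "device_moved"          # second type: position/acceleration


class Action(Enum):
    LOG_ONLY = "log_only"
    PURGE_TRANSACTIONS = "purge_transactions"  # partial purge
    PURGE_ALL = "purge_all"                    # complete purge


SCHEMA = """
CREATE TABLE access_profiles (card_uid TEXT PRIMARY KEY, door TEXT);
CREATE TABLE transactions (id INTEGER PRIMARY KEY, card_uid TEXT,
                           door TEXT, granted INTEGER);
CREATE TABLE tamper_log (id INTEGER PRIMARY KEY, event TEXT, action TEXT);
"""


def open_panel_db():
    """In-memory stand-in for the panel database, with constructed rows."""
    db = sqlite3.connect(":memory:")
    # Overwrite freed pages with zeros. On flash, wear levelling can keep
    # old copies anyway, which is why the stored data is also encrypted.
    db.execute("PRAGMA secure_delete = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO access_profiles VALUES (?, ?)",
                   [("04A1B2C3", "lobby"), ("04D4E5F6", "server-room")])
    db.executemany(
        "INSERT INTO transactions (card_uid, door, granted) VALUES (?, ?, ?)",
        [("04A1B2C3", "lobby", 1), ("04D4E5F6", "server-room", 1),
         ("04FFFFFF", "server-room", 0)])
    db.commit()
    return db


class TamperPolicy:
    """Maps each tamper event type to the action the administrator chose."""

    def __init__(self, db, actions):
        self.db = db
        self.actions = dict(actions)

    def handle(self, event):
        # Assumption: an event with no configured action fails closed.
        action = self.actions.get(event, Action.PURGE_ALL)
        with self.db:  # purge and log entry commit together or not at all
            if action in (Action.PURGE_TRANSACTIONS, Action.PURGE_ALL):
                self.db.execute("DELETE FROM transactions")
            if action is Action.PURGE_ALL:
                self.db.execute("DELETE FROM access_profiles")
            # The log row holds no card data, so it survives a full purge.
            self.db.execute(
                "INSERT INTO tamper_log (event, action) VALUES (?, ?)",
                (event.value, action.value))
        return action


def row_counts(db):
    """Number of rows per table, for checking what a purge removed."""
    tables = ("access_profiles", "transactions", "tamper_log")
    return {t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in tables}


if __name__ == "__main__":
    db = open_panel_db()
    policy = TamperPolicy(db, {
        TamperEvent.DEVICE_MOVED: Action.PURGE_TRANSACTIONS,
        TamperEvent.ENCLOSURE_OPENED: Action.PURGE_ALL,
    })
    for ev in (TamperEvent.DEVICE_MOVED, TamperEvent.ENCLOSURE_OPENED):
        print(ev.value, "->", policy.handle(ev).value, row_counts(db))
```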
    Industrial applicability
  • First and foremost, the invention is applicable throughout the security industry.
    Reference signs list
  • Similar reference signs denote corresponding features consistently throughout the attached drawings:
    10  Control panel
    11  Main device
    12  Mainboard
    13  User interface
    14  Central processing unit (CPU)
    15  Flash memory
    16  Secure element (brazed)
    17  Add-on module
    18  First baseboard
    19  Second baseboard
    20  Interface
    21  Internal system supply
    22  Tamper detector
    23  General-purpose input/output
    24  For each front end
    25  RS-485 transceiver and termination
    26  Universal serial bus
    27  First air-gap switch
    28  Second air-gap switch
    29  Inter-integrated circuit (I2C)
    30  Ethernet physical transceiver (PHY)
    31  Media-independent interface
    32  DC/DC power converter
    33  Supply for reader, door opener and add-on modules
    34  Power over Ethernet plus (PoE+)
    35  Light-emitting diode (LED)
    36  Button
    37  Liquid-crystal display (LCD)
    38  Short-range radio frequency (RF) module
    39  Universal asynchronous receiver/transmitter (UART)
    40  Wireless-fidelity (Wi-Fi) module
    41  Secure digital input/output (SDIO)
    42  DDR3 random-access memory (RAM)
    43  DDR3 memory bus
    44  Subscriber identity module (SIM)
    45  Module bus connector
    Citation list
  • The following literature is cited throughout this document.
    Patent literature
  • US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014
    Non-patent literature
  • NORMAN, Thomas L. Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p.221-239.

Claims (15)

  1. Control panel (10) for physical access control,
    comprising a main device (11) comprising
    a mainboard (12) for controlling front ends connected to the control panel (10) and a user interface (13) connected to the mainboard (12) for operating the control panel (10),
    wherein the mainboard (12) comprises a central processing unit (14) and flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data,
    characterized in that
    the mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, wherein the mainboard (12) is adapted to control the front ends securely using the cryptographic keys.
  2. Control panel (10) according to Claim 1,
    characterized in
    an add-on module (17) for connecting the front ends to the main device (11), wherein the main device (11) further comprises a first baseboard (18), the add-on module (17) comprises a second baseboard (19), and the mainboard (12) and second baseboard (19) are each connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
  3. Control panel (10) according to Claim 2,
    characterized in that
    at least the first baseboard (18) comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23).
  4. Control panel (10) according to Claim 2 or Claim 3,
    characterized in that,
    for each front end (24), the second baseboard (19) comprises an RS-485 transceiver (25) connected to the first baseboard (18) through a serial network bus (26).
  5. Control panel (10) according to any of Claim 2 to Claim 4,
    characterized in that
    for each front end (24), the second baseboard (19) comprises air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29).
  6. Control panel (10) according to any of Claim 2 to Claim 5,
    characterized in that
    the mainboard (12) further comprises an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31),
    the first baseboard (18) comprises at least one power converter (32) connected to the power supply (21, 33), and
    the power supply (21, 33) is adapted to source power over Ethernet (34) through the power converter (32).
  7. Control panel (10) according to any of Claim 2 to Claim 6,
    characterized in that
    the main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall.
  8. Control panel (10) according to any of the preceding claims,
    characterized in that
    the control panel (10) comprises an antenna module for emulating a radio-frequency identification card.
  9. Control panel (10) according to any of the preceding claims,
    characterized in that
    the user interface (13) comprises light-emitting diodes (35), buttons (36), and preferably a liquid-crystal display (37).
  10. Control panel (10) according to any of the preceding claims,
    characterized in that
    the mainboard (12) further comprises a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39) and an embedded Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41).
  11. Control panel (10) according to Claim 10,
    characterized in that
    the Wi-Fi module (40) is adapted to support a personal-area network, preferably Bluetooth.
  12. Control panel (10) according to any of the preceding claims,
    characterized in that
    the central processing unit (14) is based on a reduced instruction-set computing architecture and
    the mainboard (12) further comprises random-access memory (42) connected to the central processing unit (14) through a memory bus (43).
  13. Control panel (10) according to Claim 12,
    characterized in that
    the mainboard (12) is further adapted to host a web service for configuring the access profiles using the cryptographic keys.
  14. Control panel (10) according to any of the preceding claims,
    characterized in that
    the secure element (16, 44) takes the form of a subscriber identity module (44) or an integrated circuit (16) brazed to the mainboard (12).
  15. Control panel (10) according to any of the preceding claims,
    characterized in that
    the mainboard (12) is further adapted to encrypt the transactional data using the cryptographic keys.
EP15187165.4A 2015-09-28 2015-09-28 Control panel for physical access control Withdrawn EP3147870A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15187165.4A EP3147870A1 (en) 2015-09-28 2015-09-28 Control panel for physical access control

Publications (1)

Publication Number Publication Date
EP3147870A1 (en) 2017-03-29

Family

ID=54252020

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15187165.4A Withdrawn EP3147870A1 (en) 2015-09-28 2015-09-28 Control panel for physical access control

Country Status (1)

Country Link
EP (1) EP3147870A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002005220A1 (en) * 2000-07-12 2002-01-17 Network Systems Group Limited Integrated telephone/proximity access control system
US20110140837A1 (en) * 2011-02-22 2011-06-16 Tiffany Cassandra-Do Lam Universal security access control
US20130287211A1 (en) * 2010-11-03 2013-10-31 Gemalto Sa System for accessing a service and corresponding portable device and method
US20140250956A1 (en) * 2013-03-11 2014-09-11 Kwikset Corporation Electronic deadbolt
US8881252B2 (en) 2013-03-14 2014-11-04 Brivo Systems, Inc. System and method for physical access control
US20150170449A1 (en) * 2005-02-04 2015-06-18 Edmonds H. Chandler, Jr. Method and apparatus for a merged power-communication cable in door security environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NORMAN, THOMAS L.: "Electronic Access Control.", 2012, BUTTERWORTH-HEINEMANN, pages: 221 - 239

Similar Documents

Publication Publication Date Title
US9563794B2 (en) Method for upgrading RFID readers in situ
CN104050510A (en) Intelligent room reservation system based on mobile terminal
GB2516686A (en) Communication method and system
CN102831721A (en) Intelligent safe deposit box system and control method
CN105592403B (en) NFC-based communication device and method
CN105046775A (en) Device for unlocking time domain two-dimension code
CN203191973U (en) Electronic device with dual systems
WO2015045345A1 (en) Communication apparatus, setting program, and distribution switchboard incorporating communication apparatus
GB2533675A (en) Communication method and system
CN111599042A (en) Unlocking method, self-service storage device, terminal equipment, server and system
US10075435B1 (en) Device deregistration using forward-chaining encryption
AU2021273648B2 (en) Multi-use near field communication front end on a point of sale system
EP3182384B2 (en) Improved physical access control system
KR101495884B1 (en) Apparatus and method for managing asset using one-chip using including wifi module, bluetooth moduel and nfc tag
EP3147870A1 (en) Control panel for physical access control
CN204904393U (en) Time domain two -dimensional code unlocking device
US9582684B2 (en) Method for configuring an application for an end device
CN204216909U (en) Special service system information safety device
EP3561666B1 (en) Mobile device with access rights management
US20200234264A1 (en) Multi-use near field communication front end on a point of sale system
KR20190017041A (en) How to manage security elements
US9489668B2 (en) Electronic payment device
KR20140021331A (en) Digital protective relay and power meter
EP3591902A1 (en) Mobile device showing plant view and dashboard
CN204360446U (en) A kind of Fingerprint Lock transponder

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20170829

RAV Requested validation state of the european patent: fee paid

Extension state: MA

Effective date: 20170829

RAX Requested extension states of the european patent have changed

Extension state: BA

Payment date: 20170829

Extension state: ME

Payment date: 20170829

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

19U Interruption of proceedings before grant

Effective date: 20191230

19W Proceedings resumed before grant after interruption of proceedings

Effective date: 20200901

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: XCCELO SYSTEMS GMBH

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20210401