EP3147870A1 - Control panel for physical access control - Google Patents
- Publication number
- EP3147870A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- control panel
- mainboard
- baseboard
- processing unit
- central processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00412—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00944—Details of construction or manufacture
Definitions
- The invention pertains to the field of security engineering, particularly physical security.
- Physical security describes any security measure that is designed to protect personnel or property from damage or harm. More specifically, access control is the selective restriction of access to facilities, equipment, and other physical resources. State-of-the-art electronic access control systems manage large user populations, controlling for user lifecycles times, dates, and individual access points.
- A control panel is any electronics panel that can interface with or control access to control system field devices such as credential readers, electrified locks, door position switches, and request-to-exit devices.
- An overview of such panels and associated networks is provided in NORMAN, Thomas L. Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p. 221-239.
- A system for physical access control is disclosed in US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 and includes, inter alia, a conventional control panel.
- The invention aims to provide an improved panel for physical access control.
- Any control panel according to Claim 1 bears the advantage that keys and particulars may be stored in a cryptographically secure manner.
- Key material may be bound to the secure hardware of the main device in a non-exportable fashion, mitigating the risk of keys being extracted and protecting the latter from unauthorized use.
- A control panel according to Claim 2 proves scalable for a wide variety of deployment scenarios.
- Claim 3 allows for even further improved protective mechanisms using configurable event triggers that facilitate a partial or complete auto-purge of the panel's internal database in case of tampering. This way, a potential attacker may be denied access to any data worthy of protection.
- The subject-matter of Claim 4 implements a concept of high serviceability: pertinent data such as assigned bus addresses are routinely mirrored between the main device and add-on module. Such added redundancy allows an unskilled service technician to replace either component as required, causing the substitute device to import its complete configuration from the senior peer.
- An embodiment according to Claim 5 allows for legacy front ends such as various magnetic contacts, locks, and release buzzers to be controlled.
- Claim 6 permits a single cable to provide both data connection and electrical power to the control panel and add-on module or modules.
- Claim 7 defines a control panel that may be conveniently mounted inside an equipment rack shared with circuit breakers and other industrial control equipment.
- The control panel may support a regular wall mount.
- The variant of Claim 8 takes account of the fact that off-the-shelf radio-frequency identification (RFID) readers are delivered with factory default settings. Such third-party devices are typically prepared to be configured by means of an RFID card, mobile handhelds, or radio USB dongles, often in conjunction with proprietary software accompanying the product. For these types of generic readers, the claimed subject matter permits the control panel to imitate an RFID tag upon interrogation, thus also eliminating the risk of losing or misplacing the physical configuration card.
- A control panel according to Claim 9 offers a most versatile user interface for stand-alone operation.
- An embodiment according to Claim 12 fulfils the most critical prerequisites for installing an advanced mobile operating system such as Android 4.4 or later. Through its widespread popularity, use of the Android operating system prepares the control panel for the use of numerous libraries and application programming interfaces (APIs) that mitigate hardware integration effort and risk of functional defects such as in the panel's firmware.
- Claim 13 enables a local web service to be used as a communication handler, offering various standard protocols for communicating with arbitrary host systems. Also, by maintaining an additional local web server, any functional parameters required for operating the panel may be accessed through the device's configuration homepage.
- Claim 14 defines a control panel that meets the Common Criteria for an at least semi-formally designed and tested target of evaluation (EAL5+), thus qualifying the device for a high level of independently assured security.
- A control panel according to Claim 15 is prepared for data privacy protection as may be required by national regulations such as the German Federal Data Protection Act or United States Privacy Act.
- FIG. 1 is an overview of a control panel (10) for physical access control according to an embodiment of the invention.
- The control panel (10) is composed of a main device (11), which serves to control an arbitrary number of conventional front ends (not depicted), and an add-on module (17), which basically serves to adapt a limited number of those front ends to the main device (11).
- The main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall.
- The main device (11) essentially consists of a generic first baseboard (18), an application-specific mainboard (12) carried by the first baseboard (18), and a user interface (13) connected to the mainboard (12), the user interface (13) of the present embodiment comprising light-emitting diodes (35), buttons (36), and an optional liquid-crystal display (37).
- The add-on module (17) comprises a second baseboard (19), the mainboard (12) and second baseboard (19) each being connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
- The mainboard (12) comprises a quad-core central processing unit (14) based on a reduced instruction-set computing (RISC) architecture, 1 GB of random-access memory (42) connected to the central processing unit (14) through a memory bus (43), and an additional 8 GB of flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data.
- The mainboard (12), based on the aforementioned specifications, is prepared to operate an Android system, as maintained by Google Inc., manage its data using a relational database management system (RDBMS), and even host a web service for configuring the access profiles through a host, web browser, or application-specific client.
- The mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, which in the present embodiment are used both to authenticate the control panel (10) to its front ends and to encrypt the transactional data stored in flash memory (15).
- The secure element (16, 44) takes the form of an integrated circuit (16) brazed to the mainboard (12).
- A trusted platform module (TPM) microcontroller as specified in ISO/IEC 11889 offers a particularly powerful cryptoprocessor.
- An alternative may make use of an optional subscriber identity module (44) as defined by the 3rd Generation Partnership Project (3GPP).
- The subscriber identity module (44) may take the form of a Java Card as specified by Oracle Corporation.
- The module (44) may be based on the Java Card OpenPlatform (JCOP) serviced by NXP Semiconductors, include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension.
- Corresponding contactless services are specified by Amendment C to the GlobalPlatform (GP) 2.2.1 architectural component of the JCOP.
- The mainboard (12) further comprises, inter alia, an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31), a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39), and an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20).
- The low-energy Bluetooth module (40) supports the iBeacon protocol standardized by Apple Inc., taking the form of a so-called beacon.
- The mainboard (12) may be adapted to broadcast its identifier to nearby portable electronic devices such as smartphones and tablets. Using a compatible app and operating system, maintenance personnel can thus be guided indoors to the approximate location of a specific control panel (10).
- Figure 3 depicts the first baseboard (18). Aside from a power converter (32) feeding the power supply (21, 33) and sourcing its power over Ethernet (34), the first baseboard (18) most notably comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23).
- The tamper detector (22) serves a two-fold purpose: while physical intrusion into the main device (11) will trigger a first type of event, an integrated absolute position transducer and acceleration sensor will trigger a second type of event. Such discrimination enables the security administrator to configure a distinct action to be performed in response to each of the two events.
- The second baseboard (19), for each of its attachable front ends, comprises an RS-485 transceiver (25), connected to the first baseboard (18) through a serial network bus (26), as well as two air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29).
- The invention is applicable throughout the security industry.
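
The tamper handling described above (two distinguishable event types, each mapped by the administrator to its own action, with a partial or complete purge of the internal database) can be sketched as follows. This is an added example, not code from the patent or its applicant; the table names, action names and the fall-back to a complete purge for an unconfigured event are assumptions.

```python
import sqlite3
from enum import Enum

class TamperEvent(Enum):
    ENCLOSURE_OPENED = "enclosure_opened"  # first event type: physical intrusion
    DISPLACED = "displaced"                # second type: position/acceleration sensor

class Action(Enum):
    LOG_ONLY = "log_only"
    PURGE_PARTIAL = "purge_partial"    # assumption: drop transactional data only
    PURGE_COMPLETE = "purge_complete"  # drop access profiles as well

# Tables wiped by each action; the table names are hypothetical.
PURGE_TABLES = {
    Action.LOG_ONLY: (),
    Action.PURGE_PARTIAL: ("transactions",),
    Action.PURGE_COMPLETE: ("transactions", "access_profiles"),
}

def open_panel_db():
    """In-memory stand-in for the panel database, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        PRAGMA secure_delete = ON;  -- overwrite deleted rows with zeros
        CREATE TABLE access_profiles (card_id TEXT PRIMARY KEY, door TEXT);
        CREATE TABLE transactions (card_id TEXT, door TEXT, ts TEXT);
        CREATE TABLE tamper_log (event TEXT, action TEXT);
        INSERT INTO access_profiles VALUES ('card-0001', 'lobby'), ('card-0002', 'lab');
        INSERT INTO transactions VALUES ('card-0001', 'lobby', '2015-09-28T08:00:00'),
                                        ('card-0002', 'lab', '2015-09-28T08:05:00'),
                                        ('card-0001', 'lab', '2015-09-28T09:30:00');
    """)
    return db

def handle_tamper(db, policy, event):
    """Apply the administrator-configured action for one tamper event.

    An event with no configured action falls back to a complete purge, so a
    configuration gap cannot leave data readable on a tampered panel.
    """
    action = policy.get(event, Action.PURGE_COMPLETE)
    with db:  # one transaction: purge and log entry commit together or not at all
        for table in PURGE_TABLES[action]:
            db.execute(f"DELETE FROM {table}")  # names come from the fixed map above
        db.execute("INSERT INTO tamper_log VALUES (?, ?)", (event.value, action.value))
    return action

def row_counts(db):
    """Return (profiles, transactions, log entries) for inspection."""
    return tuple(
        db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
        for t in ("access_profiles", "transactions", "tamper_log")
    )

if __name__ == "__main__":
    policy = {TamperEvent.DISPLACED: Action.PURGE_PARTIAL,
              TamperEvent.ENCLOSURE_OPENED: Action.PURGE_COMPLETE}
    db = open_panel_db()
    for ev in (TamperEvent.DISPLACED, TamperEvent.ENCLOSURE_OPENED):
        print(ev.name, handle_tamper(db, policy, ev).value, row_counts(db))
```

On flash storage a logical delete does not guarantee that the underlying blocks are erased; where the stored data is encrypted under a key held in the secure element, as in the embodiment above, destroying that key is the stronger form of purge.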
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Lock And Its Accessories (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15187165.4A EP3147870A1 (fr) | 2015-09-28 | 2015-09-28 | Control panel for physical access control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15187165.4A EP3147870A1 (fr) | 2015-09-28 | 2015-09-28 | Control panel for physical access control |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3147870A1 (fr) | 2017-03-29 |
Family
ID=54252020
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15187165.4A Withdrawn EP3147870A1 (fr) | 2015-09-28 | 2015-09-28 | Control panel for physical access control |
Country Status (1)
Country | Link |
---|---|
EP (1) | EP3147870A1 (fr) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002005220A1 (fr) * | 2000-07-12 | 2002-01-17 | Network Systems Group Limited | Integrated telephone/proximity access control system |
US20110140837A1 (en) * | 2011-02-22 | 2011-06-16 | Tiffany Cassandra-Do Lam | Universal security access control |
US20130287211A1 (en) * | 2010-11-03 | 2013-10-31 | Gemalto Sa | System for accessing a service and corresponding portable device and method |
US20140250956A1 (en) * | 2013-03-11 | 2014-09-11 | Kwikset Corporation | Electronic deadbolt |
US8881252B2 (en) | 2013-03-14 | 2014-11-04 | Brivo Systems, Inc. | System and method for physical access control |
US20150170449A1 (en) * | 2005-02-04 | 2015-06-18 | Edmonds H. Chandler, Jr. | Method and apparatus for a merged power-communication cable in door security environment |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002005220A1 (fr) * | 2000-07-12 | 2002-01-17 | Network Systems Group Limited | Integrated telephone/proximity access control system |
US20150170449A1 (en) * | 2005-02-04 | 2015-06-18 | Edmonds H. Chandler, Jr. | Method and apparatus for a merged power-communication cable in door security environment |
US20130287211A1 (en) * | 2010-11-03 | 2013-10-31 | Gemalto Sa | System for accessing a service and corresponding portable device and method |
US20110140837A1 (en) * | 2011-02-22 | 2011-06-16 | Tiffany Cassandra-Do Lam | Universal security access control |
US20140250956A1 (en) * | 2013-03-11 | 2014-09-11 | Kwikset Corporation | Electronic deadbolt |
US8881252B2 (en) | 2013-03-14 | 2014-11-04 | Brivo Systems, Inc. | System and method for physical access control |
Non-Patent Citations (1)
Title |
---|
NORMAN, THOMAS L.: "Electronic Access Control.", 2012, BUTTERWORTH-HEINEMANN, pages: 221 - 239 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9563794B2 (en) | Method for upgrading RFID readers in situ | |
CN104050510A (zh) | Intelligent guest room reservation system based on a mobile terminal | |
GB2516686A (en) | Communication method and system | |
CN105118127A (zh) | Visitor system and control method thereof | |
CN102831721A (zh) | Intelligent safe deposit box system and control method | |
CN105592403B (zh) | NFC-based communication device and method | |
CN105046775A (zh) | Time-domain two-dimensional code unlocking device | |
CN203191973U (zh) | Electronic device with dual systems | |
WO2015045345A1 (fr) | Communication apparatus, setting program, and distribution board incorporating the communication apparatus | |
GB2533675A (en) | Communication method and system | |
AU2021273648B2 (en) | Multi-use near field communication front end on a point of sale system | |
EP3182384B2 (fr) | Improved physical access control system | |
KR101495884B1 (ko) | Asset management apparatus and method using a single chip including a Wi-Fi module, a Bluetooth module and an NFC tag | |
EP3147870A1 (fr) | Control panel for physical access control | |
CN204904393U (zh) | Time-domain two-dimensional code unlocking device | |
KR101673642B1 (ko) | Digital electrical measuring and relay device | |
US9582684B2 (en) | Method for configuring an application for an end device | |
CN104933453A (zh) | Management system and method for ring main unit information | |
CN204216909U (zh) | Information security device for a special service system | |
US11308470B2 (en) | Multi-use near field communication front end on a point of sale system | |
EP3561666B1 (fr) | Mobile device with access rights management | |
EP3591902A1 (fr) | Mobile device showing a plant view and a dashboard | |
CN204360446U (zh) | Fingerprint lock repeater | |
KR101509151B1 (ko) | Asset management method using a single chip including a Wi-Fi module, a Bluetooth module and an NFC tag | |
KR101493372B1 (ko) | Asset management system using a single chip including a Wi-Fi module, a Bluetooth module and an NFC tag |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20170829 |
|
RAV | Requested validation state of the european patent: fee paid |
Extension state: MA Effective date: 20170829 |
|
RAX | Requested extension states of the european patent have changed |
Extension state: BA Payment date: 20170829 Extension state: ME Payment date: 20170829 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
19U | Interruption of proceedings before grant |
Effective date: 20191230 |
|
19W | Proceedings resumed before grant after interruption of proceedings |
Effective date: 20200901 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: XCCELO SYSTEMS GMBH |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20210401 |