EP3147870A1 - Control panel for physical access control - Google Patents

Control panel for physical access control

Publication number
EP3147870A1
Authority
EP
European Patent Office
Prior art keywords
control panel
mainboard
baseboard
processing unit
central processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15187165.4A
Other languages
German (de)
English (en)
Inventor
Jochen Becker
Dietmar Zappel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xccelo Systems GmbH
Original Assignee
Ileso Engineering GmbH
Ileso Eng GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ileso Engineering GmbH, Ileso Eng GmbH
Priority to EP15187165.4A
Publication of EP3147870A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • G07C2009/00753 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C9/00944 Details of construction or manufacture

Definitions

  • The invention pertains to the field of security engineering, particularly physical security.
  • Physical security describes any security measure that is designed to protect personnel or property from damage or harm. More specifically, access control is the selective restriction of access to facilities, equipment, and other physical resources. State-of-the-art electronic access control systems manage large user populations, controlling for user lifecycles, times, dates, and individual access points.
  • A control panel is any electronics panel that can interface with or control access control system field devices such as credential readers, electrified locks, door position switches, and request-to-exit devices.
  • An overview of such panels and associated networks is provided in NORMAN, Thomas L. Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p. 221-239.
  • A system for physical access control is disclosed in US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 and includes, inter alia, a conventional control panel.
  • The invention aims to provide an improved panel for physical access control.
  • A control panel according to Claim 1 has the advantage that keys and particulars may be stored in a cryptographically secure manner.
  • Key material may be bound to the secure hardware of the main device in a non-exportable fashion, mitigating the risk of keys being extracted and protecting the latter from unauthorized use.
  • A control panel according to Claim 2 proves scalable for a wide variety of deployment scenarios.
  • The features of Claim 3 allow for further improved protective mechanisms using configurable event triggers that facilitate a partial or complete auto-purge of the panel's internal database in case of tampering. This way, a potential attacker may be denied access to any data worthy of protection.
  • The subject-matter of Claim 4 implements a concept of high serviceability: pertinent data such as assigned bus addresses are routinely mirrored between the main device and add-on module. Such added redundancy allows an unskilled service technician to replace either component as required, causing the substitute device to import its complete configuration from the senior peer.
  • An embodiment according to Claim 5 allows for legacy front ends such as various magnetic contacts, locks, and release buzzers to be controlled.
  • The features of Claim 6 permit a single cable to provide both data connection and electrical power to the control panel and add-on module or modules.
  • Claim 7 defines a control panel that may be conveniently mounted inside an equipment rack shared with circuit breakers and other industrial control equipment.
  • The control panel may support a regular wall mount.
  • The variant of Claim 8 takes account of the fact that off-the-shelf radio-frequency identification (RFID) readers are delivered with factory default settings. Such third-party devices are typically prepared to be configured by means of an RFID card, mobile handhelds, or radio USB dongles, often in conjunction with proprietary software accompanying the product. For these types of generic readers, the claimed subject matter permits the control panel to imitate an RFID tag upon interrogation, thus also eliminating the risk of losing or misplacing the physical configuration card.
  • A control panel according to Claim 9 offers a most versatile user interface for stand-alone operation.
  • An embodiment according to Claim 12 fulfils the most critical prerequisites for installing an advanced mobile operating system such as Android 4.4 or later. Through its widespread popularity, use of the Android operating system prepares the control panel for the use of numerous libraries and application programming interfaces (APIs) that mitigate hardware integration effort and the risk of functional defects such as in the panel's firmware.
  • The features of Claim 13 enable a local web service to be used as a communication handler, offering various standard protocols for communicating with arbitrary host systems. Also, by maintaining an additional local web server, any functional parameters required for operating the panel may be accessed through the device's configuration homepage.
  • Claim 14 defines a control panel that meets the Common Criteria for an at least semi-formally designed and tested target of evaluation (EAL5+), thus qualifying the device for a high level of independently assured security.
  • A control panel according to Claim 15 is prepared for data privacy protection as may be required by national regulations such as the German Federal Data Protection Act or United States Privacy Act.
  • FIG. 1 is an overview of a control panel (10) for physical access control according to an embodiment of the invention.
  • The control panel (10) is composed of a main device (11), which serves to control an arbitrary number of conventional front ends (not depicted), and an add-on module (17), which basically serves to adapt a limited number of those front ends to the main device (11).
  • The main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall.
  • The main device (11) essentially consists of a generic first baseboard (18), an application-specific mainboard (12) carried by the first baseboard (18), and a user interface (13) connected to the mainboard (12), the user interface (13) of the present embodiment comprising light-emitting diodes (35), buttons (36), and an optional liquid-crystal display (37).
  • The add-on module (17) comprises a second baseboard (19), the mainboard (12) and second baseboard (19) each being connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
  • The mainboard (12) comprises a quad-core central processing unit (14) based on a reduced instruction-set computing (RISC) architecture, 1 GB of random-access memory (42) connected to the central processing unit (14) through a memory bus (43), and an additional 8 GB of flash memory (15) connected to the central processing unit (14) for storing access profiles and transactional data.
  • The mainboard (12), based on the aforementioned specifications, is prepared to operate an Android system, as maintained by Google Inc., to manage its data using a relational database management system (RDBMS), and even to host a web service for configuring the access profiles through a host, web browser, or application-specific client.
  • The mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, which in the present embodiment are used both to authenticate the control panel (10) to its front ends and to encrypt the transactional data stored in flash memory (15).
  • The secure element (16, 44) takes the form of an integrated circuit (16) brazed to the mainboard (12).
  • A trusted platform module (TPM) microcontroller as specified in ISO/IEC 11889 offers a particularly powerful cryptoprocessor.
  • An alternative may make use of an optional subscriber identity module (44) as defined by the 3rd Generation Partnership Project (3GPP).
  • The subscriber identity module (44) may take the form of a Java Card as specified by Oracle Corporation.
  • The module (44) may be based on the Java Card OpenPlatform (JCOP) serviced by NXP Semiconductors, include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension.
  • Corresponding contactless services are specified by Amendment C to the GlobalPlatform (GP) 2.2.1 architectural component of the JCOP.
  • The mainboard (12) further comprises, inter alia, an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31), a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39), and an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20).
  • The low-energy Bluetooth module (40) supports the iBeacon protocol standardized by Apple Inc., taking the form of a so-called beacon.
  • The mainboard (12) may be adapted to broadcast its identifier to nearby portable electronic devices such as smartphones and tablets. Using a compatible app and operating system, maintenance personnel can thus be guided indoors to the approximate location of a specific control panel (10).
  • Figure 3 depicts the first baseboard (18). Aside from a power converter (32) feeding the power supply (21, 33) and sourcing its power over Ethernet (34), the first baseboard (18) most notably comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23).
  • The tamper detector (22) serves a two-fold purpose: while physical intrusion into the main device (11) will trigger a first type of event, an integrated absolute position transducer and acceleration sensor will trigger a second type of event. Such discrimination enables the security administrator to configure a distinct action to be performed in response to each of the two events.
  • The second baseboard (19) comprises, for each of its attachable front ends, an RS-485 transceiver (25), connected to the first baseboard (18) through a serial network bus (26), as well as two air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29).
  • The invention is applicable throughout the security industry.
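
The two tamper event types of the tamper detector (22) and the configurable partial or complete auto-purge of Claim 3, as an added Python example that is not part of the patent text. SQLite stands in for the panel's RDBMS; the table names, enum names, policy mapping and the fail-closed default for unconfigured events are assumptions.

```python
import enum
import sqlite3

class TamperEvent(enum.Enum):
    ENCLOSURE_INTRUSION = 1  # first event type: physical intrusion into the main device
    DISPLACEMENT = 2         # second event type: position transducer / acceleration sensor

class Action(enum.Enum):
    LOG_ONLY = "log_only"
    PURGE_PARTIAL = "purge_partial"    # drop transactional data, keep access profiles
    PURGE_COMPLETE = "purge_complete"  # drop all data worthy of protection

# Hypothetical table names; the patent only speaks of access profiles
# and transactional data held in flash memory.
PURGE_SCOPE = {
    Action.LOG_ONLY: (),
    Action.PURGE_PARTIAL: ("transactions",),
    Action.PURGE_COMPLETE: ("transactions", "access_profiles"),
}

def open_panel_db():
    """Build an in-memory stand-in for the panel database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        PRAGMA secure_delete = ON;  -- overwrite deleted rows instead of only unlinking them
        CREATE TABLE access_profiles (card_id TEXT PRIMARY KEY, door TEXT);
        CREATE TABLE transactions (ts TEXT, card_id TEXT, door TEXT, granted INTEGER);
        CREATE TABLE tamper_log (event TEXT, action TEXT);
        INSERT INTO access_profiles VALUES ('CARD-A', 'lab'), ('CARD-B', 'lobby');
        INSERT INTO transactions VALUES
            ('2015-09-28T08:00', 'CARD-A', 'lab', 1),
            ('2015-09-28T08:05', 'CARD-B', 'lab', 0),
            ('2015-09-28T08:07', 'CARD-B', 'lobby', 1);
    """)
    return db

def handle_tamper(db, policy, event):
    """Apply the administrator-configured action for one tamper event."""
    # An event type with no configured action is treated as the worst case.
    action = policy.get(event, Action.PURGE_COMPLETE)
    with db:  # purge and log entry commit together or not at all
        for table in PURGE_SCOPE[action]:  # names come from the fixed map above
            db.execute(f"DELETE FROM {table}")
        db.execute("INSERT INTO tamper_log VALUES (?, ?)", (event.name, action.value))
    return action

def row_counts(db):
    tables = ("access_profiles", "transactions", "tamper_log")
    return {t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0] for t in tables}

def demo():
    """Panel is moved first (partial purge), then opened (complete purge)."""
    db = open_panel_db()
    policy = {
        TamperEvent.DISPLACEMENT: Action.PURGE_PARTIAL,
        TamperEvent.ENCLOSURE_INTRUSION: Action.PURGE_COMPLETE,
    }
    handle_tamper(db, policy, TamperEvent.DISPLACEMENT)
    after_move = row_counts(db)
    handle_tamper(db, policy, TamperEvent.ENCLOSURE_INTRUSION)
    return after_move, row_counts(db)

if __name__ == "__main__":
    print(demo())
```

Deleting rows does not erase flash at the physical level; in the described design the transactional data is additionally encrypted under keys held in the secure element.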

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
EP15187165.4A 2015-09-28 2015-09-28 Control panel for physical access control Withdrawn EP3147870A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15187165.4A EP3147870A1 (fr) 2015-09-28 2015-09-28 Control panel for physical access control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP15187165.4A EP3147870A1 (fr) 2015-09-28 2015-09-28 Control panel for physical access control

Publications (1)

Publication Number Publication Date
EP3147870A1 (fr) 2017-03-29

Family

ID=54252020

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15187165.4A Withdrawn EP3147870A1 (fr) 2015-09-28 2015-09-28 Control panel for physical access control

Country Status (1)

Country Link
EP (1) EP3147870A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002005220A1 (fr) * 2000-07-12 2002-01-17 Network Systems Group Limited Integrated telephone/proximity access control system
US20110140837A1 (en) * 2011-02-22 2011-06-16 Tiffany Cassandra-Do Lam Universal security access control
US20130287211A1 (en) * 2010-11-03 2013-10-31 Gemalto Sa System for accessing a service and corresponding portable device and method
US20140250956A1 (en) * 2013-03-11 2014-09-11 Kwikset Corporation Electronic deadbolt
US8881252B2 (en) 2013-03-14 2014-11-04 Brivo Systems, Inc. System and method for physical access control
US20150170449A1 (en) * 2005-02-04 2015-06-18 Edmonds H. Chandler, Jr. Method and apparatus for a merged power-communication cable in door security environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NORMAN, THOMAS L.: "Electronic Access Control.", 2012, BUTTERWORTH-HEINEMANN, pages: 221 - 239

Similar Documents

Publication Publication Date Title
US9563794B2 (en) Method for upgrading RFID readers in situ
CN104050510A (zh) Intelligent guest room reservation system based on a mobile terminal
GB2516686A (en) Communication method and system
CN105118127A (zh) Visitor system and control method thereof
CN102831721A (zh) Intelligent safe deposit box system and control method
CN105592403B (zh) NFC-based communication device and method
CN105046775A (zh) Time-domain two-dimensional code unlocking device
CN203191973U (zh) Electronic device with dual systems
WO2015045345A1 (fr) Communication apparatus, setting program, and distribution board incorporating the communication apparatus
GB2533675A (en) Communication method and system
AU2021273648B2 (en) Multi-use near field communication front end on a point of sale system
EP3182384B2 (fr) Improved physical access control system
KR101495884B1 (ko) Asset management apparatus and method using one chip including a Wi-Fi module, a Bluetooth module and an NFC tag
EP3147870A1 (fr) Control panel for physical access control
CN204904393U (zh) Time-domain two-dimensional code unlocking device
KR101673642B1 (ko) Digital electrical measuring and relay device
US9582684B2 (en) Method for configuring an application for an end device
CN104933453A (zh) System and method for managing ring main unit information
CN204216909U (zh) Information security device for a special service system
US11308470B2 (en) Multi-use near field communication front end on a point of sale system
EP3561666B1 (fr) Mobile device with access rights management
EP3591902A1 (fr) Mobile device showing a plant view and a dashboard
CN204360446U (zh) Fingerprint lock repeater
KR101509151B1 (ko) Asset management method using one chip including a Wi-Fi module, a Bluetooth module and an NFC tag
KR101493372B1 (ko) Asset management system using one chip including a Wi-Fi module, a Bluetooth module and an NFC tag

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20170829

RAV Requested validation state of the european patent: fee paid

Extension state: MA

Effective date: 20170829

RAX Requested extension states of the european patent have changed

Extension state: BA

Payment date: 20170829

Extension state: ME

Payment date: 20170829

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

19U Interruption of proceedings before grant

Effective date: 20191230

19W Proceedings resumed before grant after interruption of proceedings

Effective date: 20200901

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: XCCELO SYSTEMS GMBH

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20210401