SE1951047A1 - Evaluating access to a physical space - Google Patents

Evaluating access to a physical space

Info

Publication number
SE1951047A1
SE1951047A1 SE1951047A SE1951047A SE1951047A1 SE 1951047 A1 SE1951047 A1 SE 1951047A1 SE 1951047 A SE1951047 A SE 1951047A SE 1951047 A SE1951047 A SE 1951047A SE 1951047 A1 SE1951047 A1 SE 1951047A1
Authority
SE
Sweden
Prior art keywords
access
lock
evaluator
credential
valid
Prior art date
Application number
SE1951047A
Other languages
Swedish (sv)
Inventor
Anders Borg
Eric Thomsen
Gunnar Frank
Peder Sylwan
Stig Lagerstedt
Original Assignee
Assa Abloy Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Assa Abloy Ab filed Critical Assa Abloy Ab
Priority to SE1951047A priority Critical patent/SE1951047A1/en
Priority to PCT/EP2020/075729 priority patent/WO2021052943A1/en
Publication of SE1951047A1 publication Critical patent/SE1951047A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration

Abstract

It is provided a method for evaluating access to a physical space secured by a lock. The method is performed in an access evaluator and comprises the steps of: receiving an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluating, based on the user identifier and the lock identifier, whether access is to be granted; and transmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted.

Description

EVALUATING ACCESS TO A PHYSICAL SPACE TECHNICAL FIELD 1. 1. id="p-1" id="p-1"
[0001] The present disclosure relates to the field of evaluating access to a physicalspace and in particular to evaluating access to a physical space where an access requestis received from an application server and a valid access credential is transmitted to a gateway.
BACKGROUND 2. 2. id="p-2" id="p-2"
[0002] Locks and keys are evolving from the traditional pure mechanical locks.These days, electronic locks are becoming increasingly common. For electronic locks, nomechanical key profile is needed for authentication of a user. The electronic locks cane.g. be opened using an electronic key stored on a special carrier (fob, card, etc.) or in amobile device, such as a smartphone. The electronic key and electronic lock can oftencommunicate over a wireless interface. Such electronic locks provide a number ofbenefits, including improved flexibility in management of access rights, audit trails, key management, CTC. 3. 3. id="p-3" id="p-3"
[0003] When an electronic key, e.g. as part of a mobile device, approaches a doorsecured by an offline lock, one solution is for the mobile device to establishcommunication with the lock and to thereafter engage in a credential evaluationprocedure. However, such a procedure requires a significant amount of implementationeffort in the mobile device in order to securely and reliably perform the credentialevaluation procedure. Moreover, such procedures can differ between locks and may need to be updated, requiring maintenance of software of all such mobile devices.
SUMMARY 4. 4. id="p-4" id="p-4"
[0004] One objective is to provide a solution where a mobile device which requestsaccess to a lock does not need to implement a credential evaluation procedure for communicating with the lock. . . id="p-5" id="p-5"
[0005] According to a first aspect, it is provided a method for evaluating access to a physical space secured by a lock. The method is performed in an access evaluator and comprises the steps of: receiving an access request from an application server, theaccess request comprising a user identifier and a lock identifier; evaluating, based onthe user identifier and the lock identifier, whether access is to be granted; andtransmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted. 6. 6. id="p-6" id="p-6"
[0006] The valid access credential may be in a format which complies with mobile credentials usable with the lock. 7. 7. id="p-7" id="p-7"
[0007] The method may further comprise the step of: receiving audit trail data fromthe gateway. 8. 8. id="p-8" id="p-8"
[0008] The method may fiirther comprise the step of: providing audit trail data to the application server. 9. 9. id="p-9" id="p-9"
[0009] The method may fiirther comprise the steps of: generating the valid accesscredential after the step of evaluating; and deleting the valid access credential from the access evaluator after the step of transmitting the valid access credential. . . id="p-10" id="p-10"
[0010] According to a second aspect, it is provided an access evaluator for evaluatingaccess to a physical space secured by a lock. The access evaluator comprises: aprocessor; and a memory storing instructions that, when executed by the processor,cause the access evaluator to: receive an access request from an application server, theaccess request comprising a user identifier and a lock identifier; evaluate, based on theuser identifier and the lock identifier, whether access is to be granted; and transmit avalid access credential for the lock to a gateway being proximate to the lock when access is granted. 11. 11. id="p-11" id="p-11"
[0011] The valid access credential may be in a format which complies with mobile credentials usable with the lock. 12. 12. id="p-12" id="p-12"
[0012] The access evaluator may fiirther comprise instructions that, when executed by the processor, cause the access evaluator to: receive audit trail data from the gateway. 3 13. 13. id="p-13" id="p-13"
[0013] The access evaluator may fiirther comprise instructions that, when executedby the processor, cause the access evaluator to: provide audit trail data to the application server. 14. 14. id="p-14" id="p-14"
[0014] The access evaluator may fiirther comprise instructions that, when executedby the processor, cause the access evaluator to: generate the valid access credential priorto executing the instructions to evaluate; and delete the valid access credential from the access evaluator after executing the instructions to transmit the valid access credential. . . id="p-15" id="p-15"
[0015] According to a third aspect, it is provided a computer program for evaluatingaccess to a physical space secured by a lock. The computer program comprises computerprogram code which, when run on an access evaluator causes the access evaluator to:receive an access request from an application server, the access request comprising auser identifier and a lock identifier; evaluate, based on the user identifier and the lockidentifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted. 16. 16. id="p-16" id="p-16"
[0016] According to a fourth aspect, it is provided a computer program productcomprising a computer program according to the third aspect and a computer readable means on which the computer program is stored. 17. 17. id="p-17" id="p-17"
[0017] Generally, all terms used in the claims are to be interpreted according to theirordinary meaning in the technical field, unless explicitly defined otherwise herein. Allreferences to "a/ an /the element, apparatus, component, means, step, etc." are to beinterpreted openly as referring to at least one instance of the element, apparatus,component, means, step, etc., unless explicitly stated otherwise. The steps of anymethod disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGS 18. 18. id="p-18" id="p-18"
[0018] Aspects and embodiments are now described, by way of example, with refer- ence to the accompanying drawings, in which: 4 19. 19. id="p-19" id="p-19"
[0019] Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied; . . id="p-20" id="p-20"
[0020] Fig 2 is a sequence diagram illustrating communication between various entities of embodiments which can be applied in the environment of Fig 1; 21. 21. id="p-21" id="p-21"
[0021] Fig 3 is a flow chart illustrating embodiments of methods for requesting access to a physical space secured by a lock; 22. 22. id="p-22" id="p-22"
[0022] Fig 4 is a schematic diagram illustrating components of the access evaluator of Fig 1 according to one embodiment; and 23. 23. id="p-23" id="p-23"
[0023] Fig 5 shows one example of a computer program product comprising computer readable means.
DETAILED DESCRIPTION 24. 24. id="p-24" id="p-24"
[0024] The aspects of the present disclosure will now be described more fullyhereinafter with reference to the accompanying drawings, in which certainembodiments of the invention are shown. These aspects may, however, be embodied inmany different forms and should not be construed as limiting; rather, theseembodiments are provided by way of example so that this disclosure will be thoroughand complete, and to fully convey the scope of all aspects of invention to those skilled in the art. Like numbers refer to like elements throughout the description. . . id="p-25" id="p-25"
[0025] Fig 1 is a schematic diagram illustrating an environment in whichembodiments presented herein can be applied. A lock 4 is provided to secure access to aphysical space 16. The physical space 16 can e.g. be or be part of a hotel, cruise ship,office, factory, home or any other suitable physical space which can be secured by anelectronic lock 4 provided by a door, window, gate, etc. While only one lock 4 is shown in Fig 1, there can be many more locks, each securing access to a physical space. 26. 26. id="p-26" id="p-26"
[0026] The lock 4 is an electronic lock and can be unlocked using a mobile device 2as described in more detail below. The mobile device 2 is carried by a user 9. The mobiledevice 2 may be implemented as part of a mobile phone, a smartphone, a key fob, wearable device, smart phone case, access card, electronic physical key, etc. 27. 27. id="p-27" id="p-27"
[0027] The mobile device 2 reads a lock identifier from the lock 4 over a localcommunication link. The local communication link can be any suitable short-rangewired or short-range wireless communication, e.g. using Near Field Communication(NFC), Bluetooth, Bluetooth Low Energy (BLE), any of the IEEE 802.15 standards, etc. 28. 28. id="p-28" id="p-28"
[0028] The mobile device 2 is connected to a communication network 6. Thecommunication network 6 can e.g. be based on Internet Protocol (IP) over WiFi or any suitable cellular network standard, and can form part of the Internet. 29. 29. id="p-29" id="p-29"
[0029] To request access, the mobile device 2 sends the lock identifier and a useridentifier to an application server 3. The functionality in the mobile device 2 describedherein can be implemented by an application (also known as app) executing in themobile device 2. The mobile device 2 and its application co-operates with the application server 3 over the communication network 6. . . id="p-30" id="p-30"
[0030] The application server 3 is a server which performs server relatedfunctionality in cooperation with the application executing in the mobile device. Asknown in the art per se, the application server 3 can be implemented using one or morephysical servers in one or more physical locations. The party responsible for theapplication server 3 can also be the party which is responsible for the application 2mentioned to form part of the mobile device 2, used, i.a., for requesting and obtaining access to the physical space 16 secured by the lock 4. 31. 31. id="p-31" id="p-31"
[0031] The application server 3 requests access to the physical space 16 for the user9 by communicating with an access evaluator 1. This communication occurs over the communication network 6. 32. 32. id="p-32" id="p-32"
[0032] The access evaluator 1 is a server which can receive access requests for one ormore physical spaces 16 secured by respective locks 4. Significantly, the access requestsare received from one node (the application server 3), but any access grants areimplemented using another node, namely a gateway 7. Communication between theaccess evaluator 1 and the gateway 7 occurs over the communication network 6. The access evaluator 1 can form part of an electronic access control system, comprising also the lock 4 and optionally the gateway 7. The application server 3 and the mobile device 2 do not need to form part of the access control system. 33. 33. id="p-33" id="p-33"
[0033] The gateway 7 is a device which can communicate both over thecommunication network 6 and over the local communication link with the lock 4. Asexplained in more detail below, the gateway 7 is used in a credential evaluation procedure to unlock the lock 4 when access is granted by the access evaluator 1. 34. 34. id="p-34" id="p-34"
[0034] It is to be noted that the lock 4 can equally well work with mobile deviceswhich implement also the credential evaluation, i.e. mobile devices 2 that store a credential (e.g. key cards, etc.) which is used in the credential evaluation with the lock 4. . . id="p-35" id="p-35"
[0035] Fig 2 is a sequence diagram illustrating communication between various entities of embodiments which can be applied in the environment of Fig 1. 36. 36. id="p-36" id="p-36"
[0036] When the user reaches the lock 4, the mobile device 2 obtains a lock identifier20 from the lock 4 over the local communication link. If the lock was in a low-powermode, the lock 4 first wakes up e.g. by a sensor detecting metal in its presence. Insteadof sending an access request to the lock 4, the mobile device 2 sends an access request22 to the application server 3. This access request can be implemented easily in themobile device 2 and the mobile device does not need to implement a complete credential evaluation procedure. 37. 37. id="p-37" id="p-37"
[0037] The access request 22 comprises the lock identifier 20 and a user identifier21. The user identifier 21 can be any suitable identifier which allows the applicationserver to identify the user and can e.g. be a phone number, an e-mail address, anidentifier issued by the application server 3, or an identifier issued by a third party, such as Facebook, Instagram, WeChat, Google, Apple, Snapchat, etc. 38. 38. id="p-38" id="p-38"
[0038] The application server 3 generates a corresponding access request 22”,corresponding to the access request 22 from the mobile device 2. The correspondingaccess request 22” can be in the same format as the access request 22 from the mobiledevice 2, or it can differ, but the corresponding access request 22” also comprises the lock identifier 20 and the user identifier 21. The application server 3 transmits the 7 corresponding access request 22” to the access evaluator 1 over the communication network 6. 39. 39. id="p-39" id="p-39"
[0039] Once the access evaluator 1 has received the corresponding access request22”, the access evaluator 1 determines whether access through the lock 4 should begranted. If access is denied, the sequence ends. Otherwise, the access evaluator 1 obtainsa credential 25 which is valid for unlocking the lock 4 and transmits the credential 36 to the gateway 7 over the communication network 6. 40. 40. id="p-40" id="p-40"
[0040] The lock 4 and the gateway 7 now engage in a credential evaluation procedure26, where the communication occurs of the local communication link. The credentialevaluation procedure 26 can e.g. comprise a challenge-response procedure or othersuitable procedure. Such as the gateway providing the credential 25 to the lock 4 forevaluation. When the credential evaluation procedure 26 is successful, the lock 4 setsitself in an unlocked state, to allow the user of the mobile device 2 access to the physical space secured by the lock 4. 41. 41. id="p-41" id="p-41"
[0041] Actions by the lock 4, such as unlocking, opening, closing, denied access,unlocking without subsequent opening, etc., are optionally captured in an audit trail.Each action is then stored as a data item, together with user id and time. One or moredata items of the audit trail is provided over the local communication link as audit traildata 27 to the gateway 7. For instance, the audit trail data 27 can be sent after eachaction. Alternatively, the audit trail data 27 is transmitted periodically in time or after acertain number of actions. The gateway 7 forwards corresponding audit trail data 27 tothe access evaluator 1. This audit trail data can 27 be made available to the application server 3 to collect statistics on access events. 42. 42. id="p-42" id="p-42"
[0042] Using this procedure, the first access request 22 is generated in the mobiledevice 2 based on local communication with the lock 4, but the credential evaluation 26is performed between the lock 4 and the gateway 7. In this way, the mobile device isrelieved from implementing and keeping up-to-date a credential evaluation procedurewhich is complicated and can even be different for different entities of the lock 4. Suchcredential evaluation procedures have previously formed part of SDKs (Software Development Kits) provided by the developer of the access control system to form part 8 of the application in the mobile device. However, such SDKs can take up space andrequire updating to stay functional with all types of locks. By using embodimentspresented herein, the SDK for access control do not need to form part of the application in the mobile device 2. 43. 43. id="p-43" id="p-43"
[0043] Moreover, the credential does not need to be stored in the mobile device 2.Instead, the gateway 7, which can be under control of the party of the access evaluator 1and/ or the lock 4, receives the credential from the access evaluator 1 and implementsthe credential evaluation procedure 26. From the perspective of the lock 4, the localcommunication appears the same as if a mobile device 2 were to implement also thecredential evaluation. Hence, the lock 4 does not need to be modified to operate correctly in accordance with embodiments presented herein. 44. 44. id="p-44" id="p-44"
[0044] Fig 3 is a flow chart illustrating embodiments of methods for evaluatingaccess to a physical space secured by a lock. The method is performed in the accessevaluator. The method essentially corresponds to actions performed by the access evaluator in the sequence diagram of Fig 2, described above. 45. 45. id="p-45" id="p-45"
[0045] In a receive access request step 40, the access evaluator receives an accessrequest from an application server. The access request comprises a user identifier and alock identifier. 46. 46. id="p-46" id="p-46"
[0046] In an evaluate step 42, the access evaluator evaluates, based on the useridentifier and the lock identifier, whether access is to be granted. This evaluation can bebased on access rules available to the access evaluator, stored in the access evaluator or externally. 47. 47. id="p-47" id="p-47"
[0047] In an optional generate credential step 43, the access evaluator generates thevalid access credential after the step of evaluating. When this step is performed, the credential is generated on demand, and is not otherwise stored for a long time. 48. 48. id="p-48" id="p-48"
[0048] When step 43 is not performed, the credential can be retrieved from storage, internal or external to the access evaluator. 9 49. 49. id="p-49" id="p-49"
[0049] In a transmit credential step 44, the access evaluator transmits a valid accesscredential for the lock to a gateway being proximate to the lock. The valid accesscredential is in a format which complies with mobile credentials usable with the lock.The credential is valid in the sense that it can be used to unlock the lock in a credential evaluation procedure as described above. 50. 50. id="p-50" id="p-50"
[0050] In an optional delete step 45, the access evaluator deletes the valid accesscredential from the access evaluator. This is performed after the step of transmitting thevalid access credential, since the access credential is needed for the transmission. Whenstep 43 and this step is implemented, the credential is only present in the accessevaluator for a short time, which significantly reduces the risk that a hacker could gain access to any particular credential. 51. 51. id="p-51" id="p-51"
[0051] In an optional receive audit trail data step 46, the access evaluator receives audit trail data from the gateway. 52. 52. id="p-52" id="p-52"
[0052] In an optional provide audit trail data step 48, the access evaluator providesaudit trail data to the application server, based on the audit trail data received from thegateway (in step 46). The audit trail data provided to the application server can be identical to or a subset of the audit trail data received from the gateway. 53. 53. id="p-53" id="p-53"
[0053] Fig 4 is a schematic diagram illustrating components of the access evaluator 1of Fig 1 according to one embodiment. A processor 60 is provided using anycombination of one or more of a suitable central processing unit (CPU), multiprocessor,microcontroller, digital signal processor (DSP), etc., capable of executing softwareinstructions 67 stored in a memory 64, which can thus be a computer program product.The processor 60 could alternatively be implemented using an application specificintegrated circuit (ASIC), field programmable gate array (FPGA), etc. The processor 60 can be configured to execute the method described with reference to Fig 3 above. 54. 54. id="p-54" id="p-54"
[0054] The memory 64 can be any combination of random-access memory (RAM)and/ or read-only memory (ROM). The memory 64 also comprises persistent storage,which, for example, can be any single one or combination of magnetic memory, optical memory, solid-state memory or even remotely mounted memory. 55. 55. id="p-55" id="p-55"
[0055] A data memory 66 is also provided for reading and/ or storing data duringexecution of software instructions in the processor 60. The data memory 66 can be anycombination of RAM and/ or ROM. 56. 56. id="p-56" id="p-56"
[0056] The access evaluator 1 further comprises an I/ O interface 62 forcommunicating with external and/ or internal entities. Optionally, the I/ O interface 62 also includes a user interface. 57. 57. id="p-57" id="p-57"
[0057] Other components of the access evaluator 1 are omitted in order not to obscure the concepts presented herein. 58. 58. id="p-58" id="p-58"
[0058] Fig 5 shows one example of a computer program product 90 comprisingcomputer readable means. On this computer readable means, a computer program 91can be stored, which computer program can cause a processor to execute a methodaccording to embodiments described herein. In this example, the computer programproduct is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc)or a Blu-Ray disc. As explained above, the computer program product could also beembodied in a memory of a device, such as the computer program product 64 of Fig 4.While the computer program 91 is here schematically shown as a track on the depictedoptical disk, the computer program can be stored in any way which is suitable for thecomputer program product, such as a removable solid-state memory, e.g. a UniversalSerial Bus (USB) drive. 59. 59. id="p-59" id="p-59"
[0059] The aspects of the present disclosure have mainly been described above withreference to a few embodiments. However, as is readily appreciated by a person skilledin the art, other embodiments than the ones disclosed above are equally possible withinthe scope of the invention, as defined by the appended patent claims. Thus, whilevarious aspects and embodiments have been disclosed herein, other aspects andembodiments will be apparent to those skilled in the art. The various aspects andembodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following claims.

Claims (12)

1. A method for evaluating access to a physical space (16) secured by a lock (4), themethod being performed in an access evaluator (1) and comprising the steps of: receiving (40) an access request (22”) from an application server (3), the accessrequest (22”) comprising a user identifier (21) and a lock identifier (2o); evaluating (42), based on the user identifier (21) and the lock identifier (20),whether access is to be granted; and transmitting (44) a valid access credential (25) for the lock to a gateway (7) being proximate to the lock (4) when access is granted.
2. The method according to claim 1, wherein the valid access credential (25) is in a format which complies with mobile credentials usable with the lock (4).
3. The method according to claim 1 or 2, further comprising the step of: receiving (46) audit trail data from the gateway.
4. The method according to claim 3, further comprising the step of: providing (48) audit trail data to the application server (3).
5. The method according to any one of the preceding claims, further comprising thesteps of:generating (43) the valid access credential after the step of evaluating (42); anddeleting (45) the valid access credential from the access evaluator (1) after the step of transmitting (44) the valid access credential.
6. An access evaluator (1) for evaluating access to a physical space (16) secured by alock (4), the access evaluator comprising: a processor (6o); and a memory (64) storing instructions (67) that, when executed by the processor,cause the access evaluator (1) to: receive an access request (22”) from an application server (3), the access request(22”) comprising a user identifier (21) and a lock identifier (2o); evaluate, based on the user identifier (21) and the lock identifier (20), whether access is to be granted; and 12 transmit a valid access credential (25) for the lock to a gateway (7) being proximate to the lock (4) when access is granted.
7. The access evaluator (1) according to claim 6, wherein the valid access credential (25) is in a format which complies with mobile credentials usable with the lock (4).
8. The access evaluator (1) according to claim 6 or 7, further comprising instructions(67) that, when executed by the processor, cause the access evaluator (1) to: receive audit trail data from the gateway.
9. The access evaluator (1) according to claim 8, further comprising instructions (67)that, when executed by the processor, cause the access evaluator (1) to: provide audit trail data to the application server (3).
10. The access evaluator (1) according to any one of claims 6 to 9, further comprisinginstructions (67) that, when executed by the processor, cause the access evaluator (1) to:generate the valid access credential prior to executing the instructions to evaluate;anddelete the valid access credential from the access evaluator (1) after executing the instructions to transmit (44) the valid access credential.
11. A computer program (67, 91) for evaluating access to a physical space (16) securedby a lock (4), the computer program comprising computer program code which, whenrun on an access evaluator (1) causes the access evaluator (1) to: receive an access request (22”) from an application server (3), the access request(22”) comprising a user identifier (21) and a lock identifier (2o); evaluate, based on the user identifier (21) and the lock identifier (20), whetheraccess is to be granted; and transmit a valid access credential (25) for the lock to a gateway (7) being proximate to the lock (4) when access is granted.
12. A computer program product (64, 90) comprising a computer program according to claim 11 and a computer readable means on which the computer program is stored.
SE1951047A 2019-09-16 2019-09-16 Evaluating access to a physical space SE1951047A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
SE1951047A SE1951047A1 (en) 2019-09-16 2019-09-16 Evaluating access to a physical space
PCT/EP2020/075729 WO2021052943A1 (en) 2019-09-16 2020-09-15 Evaluating access to a physical space

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE1951047A SE1951047A1 (en) 2019-09-16 2019-09-16 Evaluating access to a physical space

Publications (1)

Publication Number Publication Date
SE1951047A1 true SE1951047A1 (en) 2021-03-17

Family

ID=72521618

Family Applications (1)

Application Number Title Priority Date Filing Date
SE1951047A SE1951047A1 (en) 2019-09-16 2019-09-16 Evaluating access to a physical space

Country Status (2)

Country Link
SE (1) SE1951047A1 (en)
WO (1) WO2021052943A1 (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160035159A1 (en) * 2014-07-29 2016-02-04 Aruba Networks, Inc. Method for using mobile devices with validated user network identity as physical identity proof
US20160189459A1 (en) * 2013-03-15 2016-06-30 August Home Inc. Intelligent door lock system with encryption
WO2016131416A1 (en) * 2015-02-16 2016-08-25 Polaris Tech Global Limited Cross-platform automated perimeter access control system and method adopting rfid-to-bluetooth selective adapter
US20170295180A1 (en) * 2016-04-06 2017-10-12 Guardtime Ip Holdings Limited System and Method for Access Control Using Context-Based Proof
US20170301166A1 (en) * 2016-04-15 2017-10-19 Schlage Lock Company Llc Wireless credential proximity control
US20170301165A1 (en) * 2016-04-14 2017-10-19 Schlage Lock Company Llc Bi-directional access control system
US20180245372A1 (en) * 2017-02-24 2018-08-30 Schlage Lock Company Llc Exit device systems and methods
US20180248704A1 (en) * 2017-02-24 2018-08-30 Sera4 Ltd. Secure locking of physical resources using asymmetric cryptography
US20180365920A1 (en) * 2017-06-14 2018-12-20 International Business Machines Corporation Cognitive intercom assistant

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2834964A1 (en) * 2011-05-02 2012-11-08 Apigy Inc. Systems and methods for controlling a locking mechanism using a portable electronic device
US9691205B2 (en) * 2015-05-08 2017-06-27 Shane Wesley Robinson Cloud controlled common access entry point locking system and method

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160189459A1 (en) * 2013-03-15 2016-06-30 August Home Inc. Intelligent door lock system with encryption
US20160035159A1 (en) * 2014-07-29 2016-02-04 Aruba Networks, Inc. Method for using mobile devices with validated user network identity as physical identity proof
WO2016131416A1 (en) * 2015-02-16 2016-08-25 Polaris Tech Global Limited Cross-platform automated perimeter access control system and method adopting rfid-to-bluetooth selective adapter
US20170295180A1 (en) * 2016-04-06 2017-10-12 Guardtime Ip Holdings Limited System and Method for Access Control Using Context-Based Proof
US20170301165A1 (en) * 2016-04-14 2017-10-19 Schlage Lock Company Llc Bi-directional access control system
US20170301166A1 (en) * 2016-04-15 2017-10-19 Schlage Lock Company Llc Wireless credential proximity control
US20180245372A1 (en) * 2017-02-24 2018-08-30 Schlage Lock Company Llc Exit device systems and methods
US20180248704A1 (en) * 2017-02-24 2018-08-30 Sera4 Ltd. Secure locking of physical resources using asymmetric cryptography
US20180365920A1 (en) * 2017-06-14 2018-12-20 International Business Machines Corporation Cognitive intercom assistant

Also Published As

Publication number Publication date
WO2021052943A1 (en) 2021-03-25

Similar Documents

Publication Publication Date Title
US9935936B2 (en) Federated realm discovery
CN107948321B (en) Remote authorization method and system for vehicle
US9906949B2 (en) Addressing wireless nodes
US9219750B2 (en) Communication access control device, communication access control method, and computer readable recording medium
US11145148B2 (en) Secure wireless lock-actuation exchange
US9967290B2 (en) Systems and methods for automating client-side discovery of public keys of external contacts that are secured by DANE using DNSSEC
US20160373442A1 (en) User identity based on location patterns of non-associated devices
CN105450614A (en) Server account login method, apparatus and system
SE1951047A1 (en) Evaluating access to a physical space
GB2519609A (en) Audiovisual associative authentication method and related system
US11403900B2 (en) Transmitting service provider access data to a service provider server
SE544210C2 (en) Method, access coordination server, computer program and computer program product for providing access to a lock for a service provider using a grant token and credential
CN107371160B (en) Method and equipment for carrying out wireless connection pre-authorization on user equipment
SE1951100A1 (en) Enabling remote unlock of a lock
SE1951173A1 (en) Authenticating with an authentication server for requesting access to a physical space
US11019047B2 (en) Credential loss prevention
US20210036906A1 (en) Method and system for camera authentication using a video management system
SE2151268A1 (en) Determining when to establish a communication channel for access control
WO2023161188A1 (en) Communicating a media stream between a guest device and an approval device for evaluating whether to unlock an electronic lock
US20210144139A1 (en) Method for configuring access to an internet service
SE544177C2 (en) Inside or outside a barrier comprising an rf barrier
CN117082504A (en) Key generation method and device and network equipment
JP2015148944A (en) Authentication control system and gateway device
SE544340C2 (en) Secure configuration of a target device performed by a user device
SE1951396A1 (en) Electronic lock configured to receive power from a mobile phone

Legal Events

Date Code Title Description
NAV Patent application has lapsed