SE2151323A1 - Access control communication device, method, computer program and computer program product - Google Patents

Access control communication device, method, computer program and computer program product

Info

Publication number
SE2151323A1
SE2151323A1 SE2151323A SE2151323A SE2151323A1 SE 2151323 A1 SE2151323 A1 SE 2151323A1 SE 2151323 A SE2151323 A SE 2151323A SE 2151323 A SE2151323 A SE 2151323A SE 2151323 A1 SE2151323 A1 SE 2151323A1
Authority
SE
Sweden
Prior art keywords
access control
access
key
key device
communication
Prior art date
Application number
SE2151323A
Inventor
Anders Borg
David Garmén
Mats Cederblad
Peter Siklosi
Tomas Jonsson
Original Assignee
Assa Abloy Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Assa Abloy Ab filed Critical Assa Abloy Ab
Priority to SE2151323A priority Critical patent/SE2151323A1/en
Publication of SE2151323A1 publication Critical patent/SE2151323A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/47Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit

Abstract

It is presented an access control communication device comprising: a short distance radio communication module; a cellular radio communication module; and a controller arranged to communicate access rights associated with a key device, using the cellular radio communication module, with an access control device over a cellular communication network, the communicating comprising sending a request for access management data associated with the lock device, and receiving access management data associated with the lock device; and the controller further being arranged to transmit the access management data to the key device for transfer to the lock device, the communicating and transmitting being arranged to be performed upon the access control device being in communication with the key device using the short distance radio communication module. A corresponding method, computer program and computer program product area also presented.

Description

ACCESS CONTROL COMMUNICATION DEVICE, METHOD,COMPUTER PROGRAM AND COMPUTER PROGRAM PRODUCT TECHNICAL FIELD The invention relates to an access control communication device, associatedmethod, computer program and computer program product for facilitating communication between a key device and an access control device.
BACKGROUND Access control systems based on electronic access are provided today using avariety of different topologies. One such solution is when electronic lockdevices are installed without a power supply. The lock devices may then bepowered when a matching key device is inserted, using an electrical connection with the key device.
An issue exists in how lock devices are provided with up-to-date access rights.
For example, if a person loses a key device, it should be easy and reliable foran operator of the access control system to bar the lost key device from gaining access to any lock devices of the access control system.
In the prior art, the key devices are updated using dedicated key updatedevices connected to laptop computers. While this can provide updatedaccess rights to the key devices for provision to the lock devices, the keyupdate devices are large and cumbersome, whereby the keys are not updatedvery often. This leads to compromised security since a significant amount oftime can flow from an operator updating access rights and the updated access rights being propagated to all lock devices.
SUMMARY It is an object to provide a more convenient way to provide communication between an access control device and a key device.
According to a first aspect, it is presented an access control communicationdevice comprising: a short distance radio communication module; a cellular radio communication module; and a controller arranged to communicate access rights associated with a key device, using the cellular radiocommunication module, with an access control device over a cellularcommunication network, the communicating comprising sending a requestfor access management data associated with the lock device, and receivingaccess management data associated with the lock device; and the controllerfurther being arranged to transmit the access management data to the keydevice for transfer to the lock device, the communicating and transmittingbeing arranged to be performed upon the access control device being incommunication with a key device using the short distance radiocommunication module. Such an access control communication devicegreatly simplifies communication between key device and access controldevice compared to the prior art. Moreover, such an access controlcommunication device can be made small and could e.g. be carried in apocket of a user. The communication can occur from the key device to the access control device and/ or vice versa.
The controller may be arranged to perform any one or more of the followingcommunication with the access control device upon the access control devicebeing in contact with a key device using the short distance radiocommunication module: receiving updated access rights for one or more lockdevices, receiving updated access rights specifically for the key device,receiving an updated validity time for the key device, receiving an updatedtime for a clock of the key device, sending an audit trail for one or more lockdevices, and sending an audit trail for the key device. This provides bettersecurity by supplying access data between the key device and the access control device.
The controller may be arranged to only perform the communication with theaccess control device when a trigger condition has been determined to be true.
The trigger condition may be true when a timer of the access control communication device expires.
The access control communication device may further comprise a user inputdevice, in which case the trigger condition is true when an update command is detected using the user input device.
The access control communication device may form part of a mobile communication terminal.
The access control communication device may further comprise a code inputdevice, in which case the controller is arranged to extend a validity time of akey device in communication with the access control communication device, when a correct code has been entered using the code input device.
According to a second aspect, it is presented a method, performed in anaccess control communication device. The access control communicationdevice comprises a short distance radio communication module; a cellularradio communication module; and a controller. The method comprises thesteps of: determining that a key device is in communication with the accesscontrol device using the short distance radio communication module; andthat the key device is in communication with a lock device for determiningaccess to a physical space; obtaining an identifier of the lock device from thekey device; communicating access rights associated with the key device, usingthe cellular radio communication module, with an access control device overa cellular communication network, the communicating comprising the sub-steps of: sending a request for access management data associated with thelock device, and receiving access management data associated with the lockdevice; and transmitting the access management data to the key device for transfer to the lock device.
The step of communicating may comprise performing any one or more of thefollowing communication tasks with the access control device: receivingupdated access rights for one or more lock devices, receiving updated accessrights specifically for the key device, receiving an updated validity time for the key device, receiving an updated time for a clock of the key device, sending an audit trail for one or more lock devices and sending an audit trail for the key device.
The method may further comprise the steps of: determining whether a triggercondition is true; in which the case the step of communicating with the accesscontrol device only occurs when the trigger condition has been determined to be true.
In the step of determining whether a trigger condition is true, the triggercondition may be true when a timer of the access control communication device expires.
The access control communication device may further comprise a user inputdevice, in which case in the step of determining whether a trigger condition istrue, the trigger condition is true when an update command is detected from the user using the user input device.
The method may further comprise the steps of: receiving, using a code inputdevice, a code entered by a user; and extending a validity time of a key device in communication with the access control communication device.
The step of communicating with the access control device may comprise acting as a gateway between the key device and the access control device.
According to a third aspect, it is provided a computer program comprisingcomputer program code which, when run on an access controlcommunication device, causes the access control communication device to:determine that a key device is in communication with the access controldevice using the short distance radio communication module and that the keydevice is in communication with a lock device for determining access to aphysical space; obtain an identifier of the lock device from the key device; andcommunicate access rights associated with the key device, using the cellularradio communication module, with an access control device over a cellularcommunication network, the communicating comprising the sub-steps of: sending a request for access management data associated with the lock device, and receiving access management data associated with the lockdevice; and transmit the access management data to the key device for transfer to the lock device.
According to a fourth aspect, it is provided a computer program productcomprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
It is to be noted that any feature of the first, second, third and fourth aspects may be applied, where appropriate, to any other of these aspects.
Generally, all terms used in the claims are to be interpreted according to theirordinary meaning in the technical field, unless explicitly defined otherwiseherein. All references to "a/ an /the element, apparatus, component, means,step, etc." are to be interpreted openly as referring to at least one instance ofthe element, apparatus, component, means, step, etc., unless explicitly statedotherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGSThe invention is now described, by way of example, with reference to the accompanying drawings, in which: Fig 1 is a schematic diagram illustrating an access control system in which embodiments presented herein can be applied; Fig 2 is a schematic diagram more closely illustrating a key device and a lock device from Fig 1; Fig 3 is a schematic diagram illustrating some components of the key device of Figs 1 and 2; Fig 4 is a schematic diagram illustrating the access control communication device of Fig 1; and Fig 5 is a schematic diagram illustrating a method performed in the access control communication device of Figs 1 and 4.
DETAILED DESCRIPTION The invention will now be described more fully hereinafter with reference tothe accompanying drawings, in which certain embodiments of the inventionare shown. This invention may, however, be embodied in many differentforms and should not be construed as limited to the embodiments set forthherein; rather, these embodiments are provided by way of example so thatthis disclosure will be thorough and complete, and will fully convey the scopeof the invention to those skilled in the art. Like numbers refer to like elements throughout the description.
Fig 1 is a schematic diagram illustrating an access control system 3 in whichembodiments presented herein can be applied. There are a number of lockdevices 20. The lock devices 20 perform access control of key devices 1presented to it, e.g. by inserting a key device in question 1 in the lock device20, whereby the lock device 20 is powered by the key device 1. Also, there iscommunication between the key device 1 and the lock device 20 whereby thelock device performs electronic access control of the key device 1. Whenaccess is granted, the lock device 20 is set to an openable state, whereby auser can access a physical space, e.g. by opening a door which is access controlled by the lock device 20.
The key device 1 is equipped with a radio communication module, whereby itcan communicate with an access control device 30 of the access controlsystem 3. The radio communication module is adapted for a short-rangeradio network (such as Bluetooth, BLE (Bluetooth Low Energy), NFC (Near-Field Communication), Wi-Fi, etc.), whereby the key device 1 communicatesover a short-range radio link 36 to an access control communication device70. The access control communication device 70 communicates in turn via acellular network link 35 with the cellular network 32 or the Internet 32 viaWi-Fi, and can thus be a mobile phone or smartphone. The cellular network 32 can be e.g. any one or a combination of LTE (Long Term Evolution), UMTS (Universal Mobile Telecommunications System) utilising W-CDMA(Wideband Code Division Multiplex), CDMA2000 (Code Division MultipleAccess 2000), or any other current or future wireless network, as long as theprinciples described hereinafter are applicable. In this way, the access controlcommunication device 70 acts as a gateway, providing access to the access control device 30 for the key device 1 and vice versa.
The access control device 30 acts as a controller in the access control system3 and may e.g. be implemented using one or more computers, e.g. a serverand an operator terminal. An operator can thereby control access controlrights and monitor other security aspects of the access control system using the access control device 30.
The connection between the key device 1 and the access control device 30 canbe used for several purposes. For example the key devices 1 can be used forproviding data from the access control device 30 to the lock devices 20. Tomake this happen, the key devices 1 connect to the access control device 30on occasion to download such data. When each one of these key devices 1 islater inserted in a lock device 20, the data bound for the lock device 20 is transferred to the lock device 20.
One example will now be presented related to access rights. The key device 1,on occasion, downloads access rights that are later provided to the lockdevices 20 when the key device 1 is inserted. The access rights are stored in amemory of the key device 1, thus providing an asynchronous communicationto (or from) the lock devices 20. These access rights can include a revocationlist, indicating key devices that are to be barred from gaining access. Therevocation list is global in the access control system and thus applies to allkey devices 1 and all lock devices 20. In this way, any changes to therevocation list are propagated efficiently and indiscriminately throughout theaccess control system 3 to lock devices even though these do not have a powersupply by themselves and can not communicate directly with the accesscontrol device 30. Nevertheless, certain items in the access rights may be associated with a particular lock device or a group of lock devices.
If a user in the access control system 3 loses a key device, the operator of theaccess control device 30 can update the access rights in the access controldevice such that the revocation list includes the identity of the lost key device.When one or more key devices 1 download the new revocation list, therevocation list is provided to any lock devices 20 in which the key device 1 isinserted. Even the lost key device will in many cases download the newrevocation list, whereby on an attempt of a thief to gain access using the lost key device will be denied.
Alternatively or additionally, the access rights can include an access list,comprising a list of identifiers of key devices which are to gain access. Theaccess rights can be global within the system, for all lock devices, for individual lock devices or for a group of lock devices.
Alternatively or additionally, each key device 1 can, on occasion, receive anupdated validity time for the key device 1 in question. Each key device 1 mayhave access rights which are only valid until a specific time, after which thekey device 1 loses its access rights. When the key device 1 is in contact withthe access control device, its validity time can be extended. In this way, thekey device 1loses its access rights after a certain amount of time unless itmakes contact with the access control device 30. In one embodiment,updated access rights are downloaded on the same occasion when the validity time of the key device is extended.
The significance of this combination of access rights and validity times will beillustrated in an example now. Let us say that a key device 1 gets stolen. Theoriginal owner reports this and the access control device 30 is updated withnew access rights, barring the stolen key device from access to lock devices inthe access control system 3. The thief does not want these new access rightsto be provided to the lock devices and may prevent communication betweenthe key device and the access control device 30 from happening. However,the validity time will eventually expire and the stolen key device 1 isprevented from gaining access in that way. If the thief then somehow knows that the validity time has expired and allows the key device 1 to communicate with the access control device 30, the validity time may be extended, but thekey device 1 will also download the updated access rights, whereby the stolenkey device 1 is barred from access in that way. Optionally, the access controldevice 30 will not even grant an extended validity time since the stolen key device could be flagged as barred (or stolen).
Alternatively or additionally, each key device 1 can, on occasion, receive anupdated time for the clock of the key device. This ensures that the clock of thekey device is accurate, which ensures the validity times are applied accurately.
The communication between the key devices 1 and the access control device30 can also be used in the other direction, towards the access control device.The mechanism is the same, where communication occurs via the accesscontrol communication device 70. But here, data is transmitted from the lockdevice 20 to the key device 1. When the key device 1 makes contact with the access control device 30, the data is uploaded to the access control device 30.
In one embodiment, the communication abilities are provided to a lockdevice 20 that might normally be powered off. Specifically, there are four components:- an offline (and possibly unpowered) lock device 20.- a battery powered digital physical key device 1 - an access control communication device 70 (e.g. also called mobile phone in this embodiment)- an optional access control device 30 (also known as the cloud), The key device1 connects to the lock device 20 via a conductive interfacewhich is used for data transfer and optionally energy transfer. The mobilephone 70 and the key device 1 communicate using a wireless technology suchas BLE or NFC. The mobile phone and the cloud 30 communicate using a wireless technology such as Wi-Fi or a cellular network. When we want to communicate between the cloud 30 to the lock device 20, the mobile phone70 and the key device 1 are used to form a communication bridge. Theseentities 70, 1 just forward data packets in both directions as needed, from thecloud 30 via the mobile phone 70 and the key device 1 to the lock device 20 and vice versa.
The communication can also be between the lock device 20 and the mobilephone 70, i.e. the communication terminates at the mobile phone 70, inwhich case the cloud 30 is not involved. In this case the key device 1 acts as acommunication bridge, forwarding data packets between the mobile phone70 and the lock device 20. This allows e.g. an app in the mobile phone 70 tocommunicate with the lock device 20, e.g. to update access rights in the lock device 20 or to unlock/lock the lock device 20.
The communication can be end-to-end encrypted, in which case the bridgedevice(s) 1, 70 cannot access the data content of the packets unless e.g. the mobile phone 70 is an end device of the communication.A suitable protocol to be used in these scenarios is Thing RPC.
The communication can also be used for unlocking the lock device 20 by the cloud 30 or the mobile phone 70.
Any key device can be used as a communication bridge to the lock device.This can be illustrated in the following scenario. A user comes home andrealises that her key device is lost. The user can then go to her neighbour,borrow the neighbour”s key device, and insert the borrowed key device in herlock device. This enables communication between the user”s phone and herlock device. This allows the user to use e.g. an app on her phone to unlock thelock device, despite the neighbour's key device not having access rights to herlock device. In this sense, the neighbour”s key device is only used as acommunication bridge to forwarding encrypted packets between the lockdevice and the user”s phone, allowing e.g. an app on the phone to unlock thelock.
The key device 1 uses its memory as temporary storage for data from the lockdevices 20 to the access control device 30. Analogously, the access controlcommunication device 70 can also use its memory as temporary storage fordata from the lock devices 20 to the access control device 30. For example, anaudit trail from the lock devices 20 can be uploaded to the access controldevice 30 in this way. The audit trail to the access control device includesdata about successful and/ or failed attempts of gaining access to the lock device in question.
Also, an audit trail from the key device 1 can be uploaded to the access controldevice 30, indicating successful and/ or failed attempts of the key device in question gaining access to the lock devices.
Optionally, the key device 1 communicates with the access control device 30to obtain authorisation for the key device 1 to be granted access by a lockdevice 20 in real time, when the key device 1 is inserted in the lock device 20.In this way, the access control device 30 is in full control of what key device 1 is allowed to gain access using what lock device 20.
As is explained in more detail below, various trigger conditions can be used toinitiate the communication between the key devices 1 and the access control device 30.
Fig 2 is a schematic diagram more closely illustrating a key device and a lock device from Fig 1.
The key device 1 comprises a connector 12 and a mechanical interface 13(such as a blade), which are electrically insulated from each other. The lockdevice 20 comprises a socket with a first connector 22 and a secondconnector 23. The first connector 22 is positioned such that, when the keydevice 1 is inserted in the socket, the first connector 22 makes contact withthe connector 12 of the key device. The connection can be galvanic, oralternatively an inductive connection. In the case of an inductive connection,the connectors do not need to physically connect. Analogously, the second connector 23 is positioned such that, when the key device 1 is inserted in the socket, the second connector 23 makes galvanic contact with the mechanicalinterface 13 of the key device 1. This arrangement provides a dual terminalconnection between the key device 1 and the lock device 20 when the keydevice 1 is inserted in the socket of the lock device 20. The dual terminalconnection is used both for communication between the key device 1 and thelock device and for powering the lock device by transferring electric powerfrom a power supply of the key device 1 to the lock device 20. Alternatively,separate connectors (not shown) can be provided for powering the lockdevice 20 and communication between the key device 1 and the lock device .
Fig 3 is a schematic diagram illustrating some components of the key deviceof Figs 1 and 2. A processor 2 is provided using any combination of one ormore of a suitable central processing unit (CPU), multiprocessor,microcontroller, digital signal processor (DSP), application specificintegrated circuit etc., capable of executing software instructions stored in a memory 17, which can thus be a computer program product.
The memory 17 can be any combination of read and write memory (RAM)and read only memory (ROM). The memory 17 also comprises persistentstorage, which, for example, can be any single one or combination of solid- state memory, magnetic memory, or optical memory.
Optionally, the processor 2 and the memory 17 can be provided in a single microcontroller unit (MCU).
The key device 1 also comprises a radio communication module 6. The radiocommunication module 6 comprises one or more transceivers, comprisinganalogue and digital components, and a suitable number of antennas. Theradio communication module can be provided for communication over shortrange radio (such as Bluetooth, WiFi, etc.) with the access controlcommunication device 70. Optionally, the radio communication module 6can also be adapted to connect independently to a cellular network for communication with the access control device. Using the radio communication module 6, the key device 1 can communicate with an access control device as explained above.
A clock 4 is provided as part of the key device 1 and is used to enforce the validity times described above.
A battery 18 is provided to power all electrical components of the key deviceand also to power lock devices as explained above. The battery 18 can be a rechargeable battery or an exchangeable disposable battery.
The key device 1 is optionally provided with user input element, such as apush button 7 or similar, which can e.g. be used by a user to start communication with the access control device.
Other components of the key device 1 are omitted in order not to obscure the concepts presented herein.
The key device 1 comprises a mechanical interface 13 for mechanicallymanoeuvring a lock device 20 upon successful access control. The connector12 is provided with electrical insulation 14 from the mechanical interface, to allow two independent galvanic contact terminals with a lock device.
Fig 4 is a schematic diagram illustrating some components of the accesscontrol communication device 70 of Fig 1. A processor, also known as acontroller, 72 is provided using any combination of one or more of a suitablecentral processing unit (CPU), multiprocessor, microcontroller, digital signalprocessor (DSP), application specific integrated circuit etc., capable ofexecuting software instructions stored in a memory 78, which can thus be acomputer program product. The processor 72 can be arranged to executesoftware instructions stored in the memory 78 to perform any one of the methods described with reference to Fig 5 below.
The memory 78 can be any combination of read and write memory (RAM)and read only memory (ROM). The memory 78 also comprises persistentstorage, which, for example, can be any single one or combination of solid- state memory, magnetic memory, or optical memory. Optionally, part or all of the memory 78 is included in a Subscriber Identity Module (SIM), therebyimplementing secure storage and application execution environment, andcan provide credentials which can be used by a cellular communication module 76.
The cellular communication module 76 comprises one or more transceivers,comprising analogue and digital components, and a suitable number ofantennas. The cellular communication module 76 is provided forcommunication with a cellular network such as the cellular network 32 of Fig 1, to connect with the access control device 30.
A short distance radio communication module 75 is provided forcommunication over short range radio (such as Bluetooth, WiFi, etc.), e.g. with the key device 1 as explained above.
A clock 74 is provided and a battery 79 is provided to power all electricalcomponents of the access control communication device 70. The battery 79 can be a rechargeable battery or an exchangeable disposable battery.
A user interface 71 is provided to allow a user to input data and to receiveoutput of data. For example, the user interface 71 can comprise one or moreof a display, which is optionally touch sensitive, a keypad, a microphone, a speaker, etc.
Optionally, a code input device 77 is provided as part of the user interface 71.The code input device 77 can e.g. be used to allow the user to extend thevalidity time of a key device 1 in contact with the access controlcommunication device 70, when access to the access control device is notavailable over the cellular network e. g. due to current radio conditions/ radioisolation. The code input device can e.g. be a keypad or part of a suitably controlled touch sensitive display.
Other components of the access control communication device 70 are omitted in order not to obscure the concepts presented herein.
In one embodiment, the access control communication device 70 forms part of a mobile communication terminal.
Fig 5 is a schematic diagram illustrating a method performed in the accesscontrol communication device 70 of Figs 1 and 4. The method can e.g. beimplemented in the access control communication device 70 using softwareinstructions stored in the memory 78 which, when executed by the processor(controller) 72 causes the processor to perform any embodiment of the method described below.
In a determine communication with key device step 90, the access controlcommunication device determines that a key device is in communication withthe access control device using its short distance radio communication module (see 75 of Fig 4).
In an optional trigger step 91, it is determined whether a trigger condition istrue. If this is the case, the method continues to an obtain lock id step 97.Otherwise, the method repeats the conditional trigger step 91, optionally after an idle period.
The trigger condition can e.g. be that a timer of the access controlcommunication device expires. Alternatively or additionally, the triggercondition can be that a user input element (71 of Fig 4) of the access controlcommunication device is actuated, indicating an update command.Alternatively or additionally, the trigger condition can be that communication with the key device is possible.
In an obtain lock id step 97, an identifier of the lock device is obtained from the key device.
In the communicate with access control device step 92, the access controlcommunication device communicates with the access control device whenpossible, acting as a gateway for communication described with reference toFig 1 above, e.g. to update access rights and/ or to provide audit logs. The access control communication device can thus act as a gateway between the key device and the access control device. If the access control communicationdevice is unable to communicate with the access control device, the access control communication device is considered to be off-line.
This step comprises the sub-steps of sending a request for accessmanagement data associated with the lock device and receiving access management data associated with the lock device.
Access management data is here to be interpreted as data for managingaccess data. In particular, access management data is not the same asoperational access data communicated between the key device and the lockdevice when access is to be granted or denied. Hence, the access controlcommunication device and the key device can be used for providing management data from the access control device to the lock devices.
Using online communication to request and receive access management dataassociated with the lock device, there is only a small amount of data that theaccess control communication device only needs to receive from the accesscontrol device. Particularly when the access control system comprises a largenumber of locks, this is a great advantage. Online communication is to beinterpreted as the ability to communicate as needed on demand. Offlinecommunication, on the other hand is to be interpreted as communicationwhere communication is stored by an intermediate device for further forwarding when the next link to the addressee becomes available.
In a transmit access management data step 98, the access management data is transmitted to the key device for transfer to the lock device.
In the conditional enter code step 93, it is determined whether a code needsto be entered. This can e.g. be due to the access control communicationdevice (and thus any connected key device) being off-line and a code needs tobe entered to extend the validity time of the key device in contact with theaccess control communication device. In one embodiment, it is required toenter a code every so often to extend the validity time of a key device. This could be every time the validity time is extended or less often (or more often) than that. This prevents someone not knowing the code from gaining accessusing a lost key device, even if the revocation list has not been updated yet. Inone embodiment, it is required to enter a code every time access to a lockdevice is needed, regardless if the key device is offline or online. If a codeneeds to be entered, the method continues to a receive code input step 94.
Otherwise, the method ends.
In the receive code input step 94, a code is received from the user of theaccess control communication device using the code input device of the access control communication device.
In a conditional correct code step 95, it is evaluated whether the code whichwas input by the user is correct or not. If this is the case, the methodcontinues to an extend validity time step 96. Otherwise, the method eitherreturns to the receive code input step 94 or the method ends, if too many unsuccessful attempts of code input have been detected.
In the extend validity time step 96, the validity time of the key device incontact with the access control communication device is extended, as explained above.
Optionally, the method is repeated to be ready for more communication between the access control device and the key device.
Here now follows a list of embodiments from another perspective, enumerated with roman numerals. i. An access control communication device comprising: a short distance radio communication module; a cellular radio communication module; and a controller arranged to communicate access rights associated with akey device, using the cellular radio communication module, with an accesscontrol device over a cellular communication network upon the accesscontrol device being in communication with the key device using the short distance radio communication module. ii. The access control communication device according to claim i, whereinthe controller is arranged to perform any one or more of the followingcommunication with the access control device upon the access control devicebeing in contact with a key device using the short distance radiocommunication module: receiving updated access rights for one or more lockdevices, receiving updated access rights specifically for the key device,receiving an updated validity time for the key device, receiving an updatedtime for a clock of the key device, sending an audit trail for one or more lock devices, and sending an audit trail for the key device. iii. The access control communication device according to claim i or ii,wherein the controller is arranged to only perform the communication withthe access control device when a trigger condition has been determined to be true. iv. The access control communication device according to claim iii, whereinthe trigger condition is true when a timer of the access control communication device expires. v. The access control communication device according to claims iii or iv,wherein the access control communication device further comprises a userinterface, and the trigger condition is true when an update command is detected using the user interface. vi. The access control communication device according to any one of claimsi to v, wherein the access control communication device forms part of a mobile communication terminal. vii. The access control communication device according to any one of claimsi to vi further comprising a code input device, wherein the controller isarranged to extend a validity time of a key device in communication with theaccess control communication device, when a correct code has been entered using the code input device. viii. A method, performed in an access control communication device, theaccess control communication device comprising a short distance radiocommunication module; a cellular radio communication module; and acontroller, the method comprising the steps of: determining that a key device is in communication with the accesscontrol device using the short distance radio communication module; and communicating, access rights associated with the key device using thecellular radio communication module, with an access control device over a cellular communication network. ix. The method according to claim viii, wherein the step of communicatingcomprises performing any one or more of the following communication taskswith the access control device: receiving updated access rights for one ormore lock devices, receiving updated access rights specifically for the keydevice, receiving an updated validity time for the key device, receiving anupdated time for a clock of the key device, sending an audit trail for one or more lock devices and sending an audit trail for the key device.
X. The method according to claim viii or ix, further comprising the step of:determining whether a trigger condition is true;and wherein the step of communicating with the access control device only occurs when the trigger condition has been determined to be true. xi. The method according to claim x, wherein in the step of determiningwhether a trigger condition is true, the trigger condition is true when a timer of the access control communication device expires. xii. The method according to claims x or xi, wherein the access controlcommunication device further comprises a user interface, and in the step ofdetermining whether a trigger condition is true, the trigger condition is true when an update command is detected from the user using the user interface. xiii. The method according to any one of claims ix to xii, further comprisingthe steps of: receiving, using a code input device, a code entered by a user; and extending a validity time of a key device in communication with the access control communication device. xiv. The method according to any one of claims ix to xiii, wherein the step ofcommunicating with the access control device comprises acting as a gateway between the key device and the access control device. xv. A computer program comprising computer program code which, whenrun on an access control communication device, causes the access controlcommunication device to:determine that a key device is in communication with the access controldevice using the short distance radio communication module; andcommunicate access rights associated with the key device, using thecellular radio communication module, with an access control device over a cellular communication network. xvi. A computer program product comprising a computer programaccording to claim xv and a computer readable means on which the computer program is stored.
The invention has mainly been described above with reference to a fewembodiments. However, as is readily appreciated by a person skilled in theart, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.

Claims (16)

1. An access control communication device (70) comprising: a short distance radio communication module (75); a cellular radio communication module (76); and a controller (72) arranged to communicate access rights associated witha key device, using the cellular radio communication module (76), with anaccess control device (30) over a cellular communication network (32), thecommunicating comprising sending a request for access management dataassociated with the lock device (20), and receiving access management dataassociated with the lock device (20); and the controller further beingarranged to transmit the access management data to the key device (1) fortransfer to the lock device (20), the communicating and transmitting beingarranged to be performed upon the access control device (70) being incommunication with the key device (1) using the short distance radio communication module (75).
2. The access control communication device (70) according to claim 1,wherein the controller is arranged to perform any one or more of thefollowing communication with the access control device (30) upon the accesscontrol device (70) being in contact with a key device (1) using the shortdistance radio communication module (75): receiving updated access rightsfor one or more lock devices (20), receiving updated access rights specificallyfor the key device (1), receiving an updated validity time for the key device(1), receiving an updated time for a clock of the key device (1), sending anaudit trail for one or more lock devices (20), and sending an audit trail for the key device (1).
3. The access control communication device (70) according to claim 1 or 2,wherein the controller (72) is arranged to only perform the communicationwith the access control device (30) when a trigger condition has been determined to be true.
4. The access control communication device (70) according to claim 3,wherein the trigger condition is true when a timer of the access control communication device (70) expires.
5. The access control communication device (70) according to claims 3 or4, wherein the access control communication device (70) further comprises auser interface (71), and the trigger condition is true when an update command is detected using the user interface (71).
6. The access control communication device (70) according to any one ofclaims 1 to 5, wherein the access control communication device (70) forms part of a mobile communication terminal (79).
7. The access control communication device (70) according to any one ofclaims 1 to 6 further comprising a code input device (77), wherein thecontroller (2) is arranged to extend a validity time of a key device (1) incommunication with the access control communication device (70), when a correct code has been entered using the code input device (77).
8. A method, performed in an access control communication device (70),the access control communication device comprising a short distance radiocommunication module (75); a cellular radio communication module (76);and a controller (72), the method comprising the steps of: determining (90) that a key device (1) is in communication with theaccess control device (70) using the short distance radio communicationmodule (75) and that the key device (1) is in communication with a lockdevice (20) for determining access to a physical space; obtaining (97) an identifier of the lock device (20) from the key device(1): communicating (92), access rights associated with the key device usingthe cellular radio communication module (76), with an access control device(30) over a cellular communication network (32), the communicatingcomprising the sub-steps of: sending a request for access management data associated with the lock device (20), and receiving access management data associated with the lock device (20); andtransmitting (98) the access management data to the key device (1) for transfer to the lock device (20).
9. The method according to claim 8, wherein the step of communicating(92) comprises performing any one or more of the following communicationtasks with the access control device (30): receiving updated access rights forone or more lock devices (20), receiving updated access rights specifically forthe key device (1), receiving an updated validity time for the key device (1),receiving an updated time for a clock of the key device (1), sending an audittrail for one or more lock devices (20) and sending an audit trail for the key device (1).
10. The method according to claim 8 or 9, further comprising the step of:determining (91) whether a trigger condition is true; and wherein the step of communicating (92) with the access control device only occurs when the trigger condition has been determined to be true.
11. The method according to claim 10, wherein in the step of determining(91) whether a trigger condition is true, the trigger condition is true when a timer of the access control communication device (70) expires.
12. The method according to claims 10 or 11, wherein the access controlcommunication device (70) further comprises a user interface (71), and in thestep of determining (91) whether a trigger condition is true, the triggercondition is true when an update command is detected from the user using the user interface (71).
13. The method according to any one of claims 9 to 12, further comprisingthe steps of: receiving (94), using a code input device (77), a code entered by a user;and extending (96) a validity time of a key device (1) in communication with the access control communication device (70).
14. The method according to any one of claims 9 to 13, wherein the step ofcommunicating with the access control device (92) comprises acting as a gateway between the key device (1) and the access control device (30).
15. A computer program (66) comprising computer program code which,when run on an access control communication device (70), causes the accesscontrol communication device (70) to: determine that a key device (1) is in communication with the accesscontrol device (70) using the short distance radio communication module(75) and that the key device (1) is in communication with a lock device (20)for determining access to a physical space; obtain an identifier of the lock device (20) from the key device (1); communicate access rights associated with the key device, using thecellular radio communication module (76), with an access control device (30)over a cellular communication network (32) , the communicating comprisingthe sub-steps of: sending a request for access management data associatedwith the lock device (20), and receiving access management data associatedwith the lock device (20); and transmit the access management data to the key device (1) for transfer to the lock device (20).
16. A computer program product (78) comprising a computer programaccording to claim 15 and a computer readable means on which the computer program is stored.
SE2151323A 2021-10-29 2021-10-29 Access control communication device, method, computer program and computer program product SE2151323A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
SE2151323A SE2151323A1 (en) 2021-10-29 2021-10-29 Access control communication device, method, computer program and computer program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE2151323A SE2151323A1 (en) 2021-10-29 2021-10-29 Access control communication device, method, computer program and computer program product

Publications (1)

Publication Number Publication Date
SE2151323A1 true SE2151323A1 (en) 2021-10-29

Family

ID=78610933

Family Applications (1)

Application Number Title Priority Date Filing Date
SE2151323A SE2151323A1 (en) 2021-10-29 2021-10-29 Access control communication device, method, computer program and computer program product

Country Status (1)

Country Link
SE (1) SE2151323A1 (en)

Similar Documents

Publication Publication Date Title
US10282930B2 (en) Access control communication device, method, computer program and computer program product
US10192380B2 (en) Key device and associated method, computer program and computer program product
US10417848B2 (en) Portable access control communication device, method, computer program and computer program product
SE2151323A1 (en) Access control communication device, method, computer program and computer program product

Legal Events

Date Code Title Description
NAV Patent application has lapsed