WO2018231163A2 - System and method for centrally managing unlimited number of users' access to alarm panels - Google Patents

Publication number: WO2018231163A2
Authority: WO, WIPO (PCT)
Prior art keywords: users, alarm, code, access, access control
Application number: PCT/TR2017/000126
Other languages: French (fr)
Other versions: WO2018231163A3 (en)
Inventor: Hüseyin Kürşat KURT
Original Assignee: Bvk Diş Ti̇caret Ve Sanayi̇ Li̇mi̇ted Şi̇rketi̇

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L2001/0092 Error control systems characterised by the topology of the transmission link
    • H04L2001/0097 Relays

Abstract

The invention is about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application or to a cloud service without requiring their registrations to each alarm panel and by making interconnections to alarm panels switching their statuses to on/off (arm/disarm) by using one time codes. The system subject to the invention can be used with any alarm panel. The invention operates with offline authentication of one time codes which are created based on, person, place, time, validation period and function.

Description

SYSTEM AND METHOD FOR CENTRALLY MANAGING UNLIMITED NUMBER OF USERS' ACCESS TO ALARM PANELS
Technological Field:
The invention is about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application or to a cloud service without requiring their registrations to each alarm panel and through a wired connection switching their statuses to on/off (arm/disarm) by using one time codes. The system subject to the invention can be used with any alarm panel. It operates with offline authentication of one time codes which are created based on person, place, time, validation period and function.
The General Condition of the Technique:
- Electronic safe locks which work with time, person and place based one time codes are on the market. However, there is no other example of one time code based access control technology in the world which is applied to alarm panels. Our invention is a pioneering invention in this sense.
- The existing electronic safe locks that work with one time codes based on time, person and place use two types of authentication methods: online authentication or offline authentication. However, these locks are expensive and provide limited management, monitoring and recording capabilities. These products are generally used at ATM safe boxes.
- The variety of input parameters in the one time code based authentication methods used in the market is limited. The authentication is done with user PIN, place (device) and time range as input parameters. The one time code input parameters of our invention may include corporate registration number and/or contactless identification card in addition or as an alternative to user PIN for person verification. Besides, one time codes are also differentiated according to their purpose (function) of use.
- It is not possible for offline safe locks in the market to be remotely monitored, updated and to retrieve the log data from the remote. Field visits are frequently required by authorized persons.
- The online safe locks on the market require a continuously live network connection and interconnection with a central server application in order to operate. A password entered is authenticated by a server application, and this condition creates a risk of hacking attack (also known as man-in-the-middle attack) anywhere between the server and lock. Our invention ensures better security through offline password authentication and, provided an online network connection is available, offers the advantages of event recording, remote log retrieval, remote monitoring and updating features.
- The locks in the market can operate with 9V battery. For this reason, a continuous battery renewal operation and battery cost are matters in question. Our invention can be operated with USB or any energy supply between 5-24V. Battery can be used optionally.
Our purpose of developing the invention is to meet user management needs of alarm panel owners, to eliminate the common deficiency of alarm panels in this sense, to improve the level of their security and to utilize the commercial opportunities in national and international markets by applying the area of use of access control technology which operates with person, place, time, validation period and function based one time code to alarm panels.
Both in Turkey and in the rest of the world, users of existing alarm panels need to be defined on each device separately. The user capacities of alarm panels are limited and are mostly insufficient. Adding new users is a demanding process that causes delays. Similarly, deleting a user is a demanding and time-consuming process, and delays in user deletion cause serious security risks of unauthorized access. Since there is not sufficient user definition capacity, the password of a single user is often shared with more than one person. This leads to serious security risks, and a healthy audit trail cannot be made retrospectively since it cannot be determined who exactly gained access to the place. Furthermore, in the general use case of alarm panels, a person should enter a fixed password to switch off (disarm) an alarm panel immediately after entering a secure zone with a physical key. This causes loss of time, a gap in safety and logistics challenges concerning the management of physical keys.
In case our invention is interconnected with an alarm panel, the limitation of user number is eliminated. Besides, since user management is conducted through a central application, security risks and losses of time due to local user definitions and delays at user deletions are eliminated and operation is facilitated. Person, place, time, validation period and function based one time codes used on the invention and offline authentication of this code maximizes alarm panel security and eliminates security risks such as use of shared passwords and fixed passwords. In case the invention is used with a keypad placed on the outer face of door, the door can be opened while the alarm of an alarm panel is switched off thanks to a separate relay circuit. Thus, user can gain access to place without having a physical key and can save time since two separate processes are not performed anymore. When the use of a physical key is not necessary anymore, key logistics, the risk of stolen or copied keys can be eliminated too.
- The invention uses person, place, time, validation period and function based one time code algorithm. Codes are generated from a central server application but are authenticated offline on the access control device in field. For this reason, our invention is much more secure compared to offline authentication based on locally stored user and fixed password or online password authentication methods.
- Passwords are created for a certain person and this person enters its personal identification number (PIN) and/or registration number and/or taps its contactless identification card for verification before entering one time code. In this way, the identification security of a person who gains access is maximized.
- Codes are generated for a certain access control unit. The same code cannot be used at any other place and for another access control unit.
- Codes are generated for single use and are valid for a certain period of time. They cannot be used before or after the valid period of access. Access control unit can keep time and can confirm the time period which a one time code is valid for.
- Codes are generated for a certain function. For example, a person cannot turn off an alarm with a one time code to be used for removing a device from penalty mode. Functions can be programmed and can be reproduced according to the need.
- Codes are authenticated offline on access control unit. There is no risk of cheating the system by unauthorized access between server and device as is the case for online password validation where the password is generated and validated by the same server application.
- User identification/removal process on the system is performed from center and, thereby, any access by unauthorized users is prevented and identification/removal of users on system is facilitated. There is no need for users to perform preliminary identification on alarm panel or access control unit.
- The system can be managed with separate access control management applications which work on-premise servers at each client. Alternatively, users can benefit from the system as a cloud service thanks to multiple and isolated customer management feature.
- Thanks to operating flexibility between 5-24V, the invention eliminates the necessity of energy supply dependence by utilizing either USB or alternative energy supplies where possible. Battery still remains as an alternative power supply option.
- In case connected to a local network or internet through its onboard network port, the invention can be monitored remotely whether it works or has any error or penalty condition. Thus central operation is facilitated and efficiency is enhanced.
- In case connected to a local network or internet through its onboard network port, the event logs and all valid or invalid one time code records recorded on the device can be remotely monitored on a real-time basis and, likewise, code history and other event logs can be retrieved and saved on the central system automatically. Analyzing the audit trails of possible judicial cases is facilitated.
- The invention can be interconnected with the entrance door of a place in addition to alarm panel and can simultaneously and automatically open the door while disarming an alarm panel. For this, the door has to have a electric-driven lock. This method ensures a critical amount of time and cost advantage compared to mechanical key locks. The persons to gain access do not need any more to carry physical keys or to fetch from somewhere. The closest person to a place can be directed to the required place of access and the person can both open the door and turn off the alarm of an alarm panel with a valid one time code which is delivered by various methods.
- The firmware of the invention can be updated either on field through device management desktop application or remotely through remote monitoring and control application where there is online connection. Thus, it can be always kept updated against future security risks and technological advancements.
- It is also possible to use the invention with the mobile application and NFC communication technology which are developed for this invention as an alternative to manual password keying. In this case, without a need for someone to generate a one time code manually from the access control management software and deliver it to field, the authorized person on field may request and get a code to be valid for itself, the specific device and for the time of request by holding its mobile device close to NFC-supported keypad. Central access control management software generates the code as long as certain security criteria are met. Valid code is sent to the device through a mobile application without need for manual entry and access is gained. Similar mobile application use cases can be applied to QR code or RFID tag reading instead of NFC communication.
- For the invention, a user-specific PIN (personal identification number) is used together with one time code. In case the keypad has contactless card reading feature, Mifare, RFID or HID supporting identification cards can optionally be used as a person verification input during access control (PIN and/or contactless card and OTC). Besides PIN and contactless card, registration number can also be included in user verification process. Thereby, user verification security becomes increased (PIN and/or contactless card and/or Registration number and OTC).
- One time code request methods on the system are varying. These methods are as follows; a) It is generated by a user on Central Access Control Management Application, b) Code user requests a code from the server with a mobile application, c) Code user dials the required information on keypad and requests from the server, d) Code user requests with an SMS. e) Code user requests with an e-mail, f) Code user requests by calling automatic interactive voice response (IVR) system over phone, g) After web service connection is established with a third party server, that server may request a code.
For those methods where code user makes the request, the person can use its PIN and/or contactless identification card and/or registration number in order to verify itself.
- There are various ways to deliver one time code generated on the system to the person who asks for access. These methods are as follows; a) The user who generates one time codes communicates with code user verbally or in written, b) Server sends code through the same channel in response to the request made with mobile application, c) The code is sent to user with an SMS. d) The code is sent to user with an e-mail, e) Code user is called on phone by automatic interactive voice response (IVR) system and code is thus delivered, f) The request sent through web service connection by a third party server software is answered on the same channel.
- The system can ensure connection with alarm panel control application and can transmit the data concerning the generated and used codes and code users to alarm panel control application. Since unlimited number of users can be involved in the system and since it can be monitored who, when and to where access is gained, a more detailed and secure information can be delivered to Alarm Panel control application. The operations of alarm panel remote monitoring centers are facilitated and their efficiency is enhanced.
- Central access control management application of the invention can be installed on a local server and used inside the local network and, it can also be utilized as a cloud service or, in case preferred, as a paid service. Cloud service is an advantageous choice which decreases initial investment costs and which does not abandon server maintenance and back-up responsibility to client.
- The invention can be connected to any alarm panel. It has a wide and flexible use.
- The invention is compatible with all wiegand, serial (RS232, PS2), analogue, digital and matrix type keypads. It has a wide and flexible use.
- It has a dry contact connection feature to an alarm panel where access control unit triggers the alarm panel in case of an attack happens such as deactivation, tampering or damaging. Thus, alarm monitoring center will be informed about the condition in case it has been out of service.
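The code properties listed above (bound to person, place, time window, validity period and function, single use, verified offline) can be illustrated as follows. This is an added example, not code from the patent, whose algorithm is not disclosed; it assumes HMAC-SHA256 as the derivation, 15-minute start slots, a fixed set of validity periods, and hypothetical function names, unit identifiers and key values.

```python
import hashlib
import hmac
import struct

# Assumptions of this example (none of these values come from the patent text).
SLOT_SECONDS = 900                 # validity windows start on 15-minute boundaries
ALLOWED_PERIODS = (1, 2, 4, 8)     # permitted validity periods, in slots
CODE_DIGITS = 8
FUNCTIONS = {"DISARM": 1, "ARM": 2, "PENALTY_RESET": 3}  # hypothetical function codes


def _field(value: bytes) -> bytes:
    """Length-prefix a field so ("12", "345") and ("123", "45") cannot collide."""
    return struct.pack(">H", len(value)) + value


def derive_code(master_key, device_id, pin, function, start_slot, period_slots):
    """Bind the code to place, person, function, start time and validity period."""
    msg = (_field(device_id.encode()) + _field(pin.encode())
           + struct.pack(">BQH", FUNCTIONS[function], start_slot, period_slots))
    mac = hmac.new(master_key, msg, hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10 ** CODE_DIGITS
    return str(number).zfill(CODE_DIGITS)


def issue_code(master_key, device_id, pin, function, start_time, period_slots):
    """Server side: generate a code for one user, one unit, one function, one window."""
    if period_slots not in ALLOWED_PERIODS:
        raise ValueError("validity period not supported by the units")
    return derive_code(master_key, device_id, pin, function,
                       start_time // SLOT_SECONDS, period_slots)


class AccessControlUnit:
    """Device side: recomputes candidate codes offline; stores no user records."""

    def __init__(self, device_id, master_key):
        self.device_id = device_id
        self._master_key = master_key
        self._used = set()   # (start_slot, period_slots, code) already accepted
        self.log = []        # (timestamp, function, result); never the PIN or code

    def _match(self, pin, function, code, now_slot):
        # Try every window that contains "now": 1 + 2 + 4 + 8 = 15 candidates,
        # so a blind guess succeeds with probability 15 / 10**8 per attempt.
        hit = None
        for period in ALLOWED_PERIODS:
            for start in range(max(0, now_slot - period + 1), now_slot + 1):
                expected = derive_code(self._master_key, self.device_id, pin,
                                       function, start, period)
                if hmac.compare_digest(expected.encode(), code.encode()):
                    hit = (start, period, expected)
        return hit

    def verify(self, pin, function, code, now):
        now_slot = now // SLOT_SECONDS
        # Forget used codes whose window has closed; they can no longer verify.
        self._used = {u for u in self._used if u[0] + u[1] > now_slot}
        result = "REJECT"
        if function in FUNCTIONS:
            hit = self._match(pin, function, code, now_slot)
            if hit in self._used:
                result = "REPLAY"
            elif hit is not None:
                self._used.add(hit)
                result = "ACCEPT"
        self.log.append((now, function, result))
        return result == "ACCEPT"


if __name__ == "__main__":
    key = bytes(range(32))                     # constructed key, for the demo only
    unit = AccessControlUnit("ACU-0001", key)  # hypothetical unit identifier
    t0 = 1_700_000_100                         # constructed timestamp on a slot boundary
    otc = issue_code(key, "ACU-0001", "4821", "DISARM", t0, 2)
    print(unit.verify("4821", "DISARM", otc, t0 + 60))   # first use
    print(unit.verify("4821", "DISARM", otc, t0 + 120))  # same code entered again
    print(unit.log)
```

Because the unit only recomputes codes from what is keyed in, a wrong PIN, a different unit, a different function or a time outside the window all fail the same way, and the log records the outcome without storing the PIN or the code.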
Description of the Figures:
The invention will be described with reference to the attached figures, so that its features can be understood more clearly. However, the purpose is not to limit the invention to these particular embodiments. On the contrary, the intention is to cover all alternatives, changes and equivalents of the invention which can be included in the scope defined by the attached claims. It should be understood that the details provided are given in order to describe the preferred embodiments of the invention and to provide the most practical and understandable description of both the method and the principles and conceptual characteristics of the invention. In these drawings;
Figure 1 Schematic image of the preliminary preparation part of the system.
Figure 2 Schematic image of the installation stage of the system.
Figure 3 Schematic image showing the operation of the system.
The figures which will help to the understanding of this invention are numbered as specified in the attached picture and are as follows:
Description of the references:
1. Access Control Electronic Circuit
2. Firmware
3. KeyPad
4. Alarm Panel
5. Central Access Control Management Application
6. Desktop Device Control Application
7. Remote Monitoring and Control Application
8. Mobile Application
9. Contactless Identification Card
10. Locked Door
11. Central Access Control Management Application User
12. Code User
13. One Time Code
14. Alarm Panel Remote Monitoring and Control Application
15. Alarm Panel Remote Monitoring Center
16. Personnel Registration Number
17. Personal Identification Number (PIN)
18. Short Message (SMS)
19. Interactive Voice Response System (IVR)
20. Voice Call
21. Web Service
22. E-mail
23. Internet/Local Network
Detailed Description of the Figures
- Access Control Electronic Circuit (1): It is an electronic circuit specially designed and manufactured as part of the invention. It may have various dimensions and shapes according to the device it uses. It has different models based on different areas of use. At the most advanced model, there are 3 relays, Ethernet and USB ports, programming port, wiegand, analogue, digital, matrix type keypad (2) ports, DB9 type serial port and PS2 port, 5-24V power supply socket and NFC or RF or bluetooth chip and antenna.
- Firmware (2): It is the software running in access control electronic circuit (1). It analyzes time-, person- (12), place- and function based one time code (13) with the offline authentication algorithm. In case it authenticated code (13), it drives electronic circuit (1) to trigger one or more relays. It also has various functions and operating variables (parameters) which determine the behaviors of electronic circuit (1) and ensures the operation of electronic circuit (1) according to these values. It evaluates the personal identification number (PIN) (17) transmitted through keypad (3) or through mobile application (8) with NFC connection, contactless identification card (9), registration number (16) and one time code (13) then triggers the relay circuit (circuits) or rejects. It records to the memory the valid and invalid code (13) entries and other event logs. The models with NFC reading/writing capacity within keypad (3) communicate with the mobile application (8) which is developed for this invention. It performs the processes such as code (13) exchange, logs updating, software (2) updating, parameter updating and time updating via USB, Ethernet and/or NFC wireless communication. The models connected to a local network or internet (23) with Ethernet ensures one time code (12) request for persons registered on the system (12) from central access control management application (5). It transfers used code (12) logs which are accumulated on the memory of access control circuit to remote monitoring and control application (7). It provides real-time transfer of all event logs to remote monitoring and control application (7). It performs the commands coming from remote monitoring and control application (7). It performs the remote updating tasks of firmware (2) and parameters.
- KeyPad (3): It is the keypad on which code user (12) dials PIN (17) and/or personnel registration number (16) and/or scans contactless identification card (9) (on card reader models) and, after that, dials one time code (13) given to the user. All wiegand, serial (RS232 PS2), analogue, digital and matrix type keypads can be used with the invention. Besides, RFID, Mifare and HID card reader, Bluetooth or NFC key pads (3) can also be used optionally, indoor and outdoor models can be preferred according to the use case.
- Alarm Panel (4): It is a device which detects unauthorized entries and informs Alarm panel remote monitoring center (15) and which creates an alarm with siren and light alert on the spot. Under normal conditions, a user who is registered on the panel (4) beforehand, has to dial its password and switch off (disarm) the alarm immediately after entering to the secure zone protected by the panel (4). The invention is compatible with all brands and models of alarm panels (4) and ensures secure alarm switching without need to identify a user to alarm panel (4).
- Central Access Control Management Application (5): It is a server application specially designed and developed for this invention using web technologies. It performs the add, remove and edit processes of access control electronic circuits (1), application users (11) and code users (12). Application users (11) can create one time codes (13) on this application (5) for any authorized person (12) and registered device (1) that can be used at a selected starting time and validity period. Besides, one time code (13) request can be made to the application (5) by code user (12), mobile application (8), keypad (3), SMS (18) and interactive voice response system (19). Application user can deliver code (13) to code user on telephone (20) and, in the same manner, the application (5) can transmit these codes (13) to users via e-mail (22) and/or short message (SMS) (18) and/or mobile application (8) and/or IVR (19) based on the preference. Furthermore, the application (5) can communicate with third party applications, accept or deliver code (13) request through web service (21).
- Desktop Device Control Application (6): It is a PC application specially designed & developed for this invention. It interconnects with the device through USB and conducts function test, parameter update, firmware (2) update, unique identification number and master key code changing functions.
- Remote Monitoring and Control Application (7): It is a server application specially designed & developed for this invention using Web technologies. The application can be hosted on a local server and run in the local network (23) or used as a paid service on the cloud (23). It interconnects with online access control electronic circuits (1) , monitors real time device (1) status and reports historical logs of device status and errors. It can remotely make status check, reset, update firmware (2) and parameters of access control electronic circuits (1). It can also remotely change the unique identification number and master key codes of access control electronic circuits (1).
- Mobile Application (8): It is specially designed and developed for this invention to run on mobile devices. It is used to open a device (1) without dialing keypad (3) where the mobile device and the keypad (3) both support NFC wireless communication. The application (8) communicates with central access control management application (5) via internet (23) and requests one time code (13) for code user (12) and a registered device (1). It transmits the PIN number (17) of code user (12) and the provided code (13) to the device (1) through NFC connection and lets the device (1) authenticate or reject the code (13). The application (8) also conducts time updating, firmware (2) and parameter updating, user PIN (17) change, log data transfer from device (1), unique identification number and master key code updating processes.
- Contactless Identification Card (9): The contactless identification cards given by institutions to their personnel for turnstile or door passes can also be used as an input for the verification of code user (12) on the Invention. Code users (12) may also use cards (9) to request a code (13) for themselves through key pad (3). The contactless identification cards (9) which support MiFare, RFID or HID technologies are also used for person verification on one time code (13) by code users (12) tapping them on keypad (3) in case the model contains key pads (3) with card reader.
- Door with Lock (10): It is a door which has a motor lock that can be triggered with electric power. The door can be used interior space or exterior space door according to the preference. In case keypad (3) is placed on the outer face of the place, access control electronic circuit can simultaneously switch off the alarm of alarm panel (4) and open the door (10) upon authentication of one time code (13).
- Central Access Control Management Application User (11): The users of the application can have varying roles. Each role has different authorization and access rights.
- Code User (12): They are the people who switch off the alarms of alarm panels (4) on the field and thus ensure secure access to the place. The code users who are identified beforehand on central access control management application (5) gain secure access to places using one time codes (13) which are provided to them or which they requested by various methods. In order to gain access, code users (12) dial on keypad one or a combination of PIN (17), contactless identification card (9), mobile application (8) or personnel registration number (16) according to the method of preference and then they enter one time code (13) and, if any, function code.
- One Time Code (13): It is the code generated by central access control management application (5) and authenticated offline by access control electronic circuit (1). It is generated with an algorithm developed for the invention. In order to verify unique identification number, master key code defined on the system, validity start time, validity period, function code variables and person, one or a combination of PIN (17), Contactless identification card (9), unique identification number and personnel registration number (16) variables are used.
- Alarm Panel Remote Monitoring and Control Application (14): These are third party applications which ensure remote monitoring of alarm panels (4). The invention can provide connection to and exchange information about any alarm panel remote monitoring and control application through web service. Central access control management application (5) can transmit detailed information about who (12) accessed to the place when and with which code (13) and can receive code (13) generation request.
- Alarm Panel Remote Monitoring Center (15): It is the work unit which remotely monitors alarm panels (4) using alarm panel remote monitoring and control application, evaluates alarm notifications received from alarm panels (4) and which executes necessary security procedures.
- Personnel Registration Number (16): It is a unique registration number assigned to be used for the monitoring and control of employees by institutions.
- Personal Identification Number (PIN) (17): It is a number assigned for the code users who are defined on the system by central access control management application (5). Personal identification number (17) can be determined by access control management application (5) and can also be determined and/or changed by code user. The code is a confidential information to be protected by code user (12). PIN (17) is used as a variable by central access control management application (5) to generate one time code (13) and code user (12) dials PIN (17) before entering the code (13) in order to ensure that the firmware (2) calculates the same code (13) using the same algorithm.
- Short Message (SMS) (18): It is used as a communication method on the system to let central access management application (5) deliver a one time code (13) to a code user (12) and/or to let a code user (12) request a code (13). Sending SMS messages requires an integration with a third party SMS service provider.
- Interactive Voice Response System (IVR) (19): It is used as a communication method on the system to let central access management application (5) deliver a one time code (13) to a code user (12) and/or to let a code user (12) request a code (13). IVR (19) communication requires an integration with a third party IVR system.
- Voice Call (20): It is used as a communication method on the system to let central access management application (5) deliver a one time code (13) to a code user (12) and/or to let a code user (12) request a code (13).
- Web Service (21): It is used for data exchange between central access management application (5) and/or Remote monitoring and control application (7) or with third party applications out of the system. In addition to pre-developed web services (21), there may also be new services (21) to be developed according to emerging needs during field installation or to the requests of customers.
- E-mail (22): It is used as a communication method on the system to let central access management application (5) deliver a one time code (13) to a code user (12) and/or to let a code user (12) request a code (13). E-mail (22) communication requires an integration with a third party SMTP server.
- Internet/Local Network (23): It is the internet or intranet connected to local network.
Detailed Description of the Invention:
The invention is about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application or to a cloud service without requiring their registrations to each alarm panel and through a wired connection switching their statuses to on/off (arm/disarm) by using one time codes. The system subject to the invention can be used with any alarm panel. It operates with offline authentication of one time codes which are created based on person, place, time, validation period and function.
A. Preliminary Preparation for the System:
The preliminary preparations to be made before access control electronic circuits (1) are installed on the field are as follows:
- By making a USB connection between access control electronic circuits (1) and a PC running desktop device control application (6), firmware (2) is setup and operating parameters are loaded. Unique identification number and master key are written on firmware (2) during this process.
- Optionally, required web service integrations with SMS (18), IVR (19), e-mail (22) service providers and central access control management application (5) are made.
- Central access control management application users (11) and their user rights are defined on central access control management application (5). The mobile phone numbers and e-mail addresses of users are recorded. The application (5) sends user name and password information to the users (11) by SMS (18) and e-mail (22) message.
- Code users (12) and their weekly working schedules (days & hours) are defined on central access control management application (5). Besides the telephone numbers and e-mail addresses of code users (12), personnel registration numbers (16) and contactless identification cards (9) are also optionally recorded. The application (5) sends to the users (12) their PIN (17) by SMS (18) and e-mail (22) message.
- Access control electronic circuits (1) and the alarm panels (4) to be used by these circuits are defined on central access control management application (5). While these circuits (1) are defined, unique identification number and master key of each circuit (1) are registered on the application (6).
- Necessary web service (21) settings are made on central access control management application (5) in order that information exchange with remote monitoring and control application (7) is ensured.
- Necessary web service (21) settings are made on central access control management application (5) in order that information exchange with alarm panel remote monitoring and control application (14) is ensured.
B. System Installation:
- Necessary internet and local network (23) connections are provided in order that central access control management application (5), remote monitoring and control application (7), SMS (18), IVR (19) and e-mail (22) services can be used.
- Necessary internet and local network (23) connections are provided in order that data exchange can be made through web services using alarm panel remote monitoring and control application of central access control management application (5).
- Access control electronic circuits (1) are connected to alarm panels (4) on field through relevant relay circuit in order to switch on / off the alarm.
- Indoor or outdoor keypads (3), with or without NFC and/or card reader feature, are optionally mounted inside or outside the place and connected to access control electronic circuits (1) through a Wiegand, analog, serial or PS2 port, in accordance with the relevant connection socket type.
- In case keypad (3) is mounted outside of the place, optionally access control circuit (1) is connected to the lock of the door (10) through the relevant relay.
- Access control electronic circuit (1) interconnects with the alarm panel (4) through the relevant dry contact port in order to report disassembly or tamper attacks to be conducted on it.
- Depending on the physical conditions on field, either a 5V power through a USB port or 5-24V energy is supplied from another power source to access control electronic circuit (1).
C. The Operation of the System:
- In case one time code (13) is generated by a user (11) on central access control management application (5):
The application user (11) generates a one time code (13) that starts at the requested day and hour, is valid for the required period, and applies to the selected access control electronic circuit (1) and to the code user (12) who will gain access. Central access control management application (5) uses a special algorithm to generate the one time code (13). In this algorithm, the unique identification number and master key values specify the access control electronic circuit (1); the PIN (17) and/or personnel registration number (16) and/or the contactless ID card's (9) unique number specify the code user (12); and the epoch time value, validity period code and function code are used as the other variables. The application user (11) delivers this code (13) to the code user (12) by SMS (18) and/or IVR (19) and/or voice call (20) and/or e-mail (22).
The user (12), having received the one time code (13) and being present at the selected access point within the validity period, first dials the PIN (17) and/or personnel registration number (16) on the keypad (3) and/or taps the contactless card (9). After that, the user dials the one time code (13) provided to him/her. Firmware (2) generates a one time code (13) by using the same special algorithm and variables that central access control management application (5) used to generate the code (13). If the generated code (13) and the code (13) dialed by the user (12) match, the access control electronic circuit (1) switches off the alarm of the alarm panel (4). If the keypad (3) is mounted outside the place and the access control circuit (1) is connected to the lock of the door (10), the access control electronic circuit (1) switches off the alarm and, at the same time, triggers the lock of the door to open through the relay circuit.
- In case one time code (13) is requested by code user through a keypad:
The code user (12) first dials on the keypad (3) the PIN (17) and/or personnel registration number (16) and/or taps the contactless card (9) provided in advance, according to choice. The code user (12) then dials the function code determined for a one time code request. Firmware (2) adds the unique identification number recorded in its memory to this information and sends them to central access control management application (5). The application (5) generates a one time code (13) to be valid for the shortest period of time and to be used on the access control electronic circuit (1) of the place by the code user (12) who will gain access for the time of request. Central access control management application (5) uses a special algorithm to generate the one time code. In this algorithm, the unique identification number and master key specify the access control electronic circuit (1); the PIN (17) and/or personnel registration number (16) and/or the contactless ID card's (9) unique number specify the code user (12); and the epoch time value, validity period code and function code are used as the other variables. Central access control management application (5) delivers the code to the code user (12) by SMS (18) and/or IVR (19) and/or voice call (20) and/or e-mail (22).
The user (12), having received the one time code (13), first dials the PIN (17) and/or personnel registration number (16) on the keypad and/or taps the contactless card (9) within the validity period. After that, the user dials the one time code (13) provided to him/her. Firmware (2) generates a one time code (13) by using the same special algorithm and variables that central access control management application (5) used to generate the code (13). If the generated code (13) and the code (13) dialed by the user (12) match, the access control electronic circuit (1) switches off the alarm of the alarm panel (4). If the keypad (3) is mounted outside the place and the access control circuit (1) is connected to the lock of the door (10), the access control electronic circuit (1) switches off the alarm and, at the same time, triggers the lock of the door to open through the relay circuit.
- In case one time code (13) is requested by code user through mobile application:
If the keypad (3) has an NFC reader and the mobile application (8) runs on a mobile device with NFC support, the code user (12) starts the mobile application (8) and holds the device close to the keypad. The mobile application (8) connects to the keypad (3) and reads the unique identification number of the access control electronic circuit (1). The code user (12) then enters a phone number and/or PIN (17) and/or personnel registration number (16), and submits the one time code (13) request to central access control management application (5). If the keypad and/or mobile device has no NFC reader feature, the code user (12) first chooses on the mobile application (8) the place to be accessed and then submits the one time code (13) request to central access control management application (5) after entering the other person identification information.
The application (5) generates a one time code (13) to be valid for the shortest period of time and to be used on the access control electronic circuit (1) of the place by the code user (12) who will gain access for the time of request. Central access control management application (5) uses a special algorithm to generate the one time code. In this algorithm, the unique identification number and master key specify the access control electronic circuit (1); the PIN (17) and/or personnel registration number (16) and/or the contactless ID card's (9) unique number specify the code user (12); and the epoch time value, validity period code and function code are used as the other variables. Central access control management application (5) sends the code to the mobile application (8) of the code user (12).
If communication is established through NFC, the code user (12) holds the mobile device close to the keypad once more so that the code is transmitted to the access control electronic circuit (1) through the keypad (3). If there is no NFC connection, the user (12), who views the one time code (13) on the mobile application user interface, first dials the PIN (17) and/or personnel registration number (16) on the keypad and/or taps the contactless card (9) within the validity period. After that, the user dials the one time code (13) provided to him/her. Firmware (2) generates a one time code (13) by using the same special algorithm and variables that central access control management application (5) used to generate the code (13). If the generated code (13) and the code (13) dialed by the user (12) match, the access control electronic circuit (1) switches off the alarm of the alarm panel (4). If the keypad (3) is mounted outside the place and the access control circuit (1) is connected to the lock of the door (10), the access control electronic circuit (1) switches off the alarm and, at the same time, triggers the lock of the door to open through the relay circuit.
- Remote monitoring and control of access control electronic circuits (1) with remote monitoring and control application (7):
If the access control electronic circuit (1) runs with a connection to the internet or a local network (23), it submits information about its status to remote monitoring and control application (7) through a special communication protocol. Status information contains data such as whether the electronic circuit (1) is operating, whether there is an error and, if so, what the error is, whether there is a penalty, and what the conditions of the relays are. In addition, remote monitoring and control application (7) can manage and query the access control electronic circuit (1) remotely. In this sense, the application (7) can obtain the serial number, product code, firmware (2) version number, working parameter values and historical transaction logs from the firmware (2), can reset the electronic circuit (1), can update working parameter values and update the firmware (2) to a new version, and can check and update the time.
Remote monitoring and control application (7) summarizes the real-time data it collects from the access control electronic circuits (1) on field on a dashboard consisting of graphics and tables and, at the same time, saves the data in its database for retrospective reporting and analysis. Based on the error and status information coming from access control electronic circuits (1), remote monitoring and control application (7) provides automatic alert notifications as per pre-defined rules. Remote monitoring and control application (7) performs instant data exchange with central access control management application (5) via web services (21).
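The description lists the inputs to the one time code (13) but does not disclose the "special algorithm". The following added example is not the patent's algorithm or the applicant's code: it substitutes HMAC-SHA-256 with RFC 4226-style truncation to show generation by the central application (5) and offline verification by the firmware (2). The slot size, validity codes, function codes, code length, lockout threshold and single-use tracking are all assumptions.

```python
import hashlib
import hmac
import struct

SLOT = 900                                  # assumed: start times fall on 15-minute boundaries
VALIDITY = {1: 900, 2: 3600, 3: 4 * 3600}   # assumed validity period codes -> seconds
FUNC_DISARM, FUNC_ARM = 1, 2                # assumed function codes
DIGITS = 8                                  # assumed code length
MAX_FAILURES = 5                            # assumed lockout threshold


def derive_code(master_key, device_id, user_id, start_epoch, validity_code, function_code):
    """Server and firmware both run this: HMAC over every listed variable, then truncate."""
    uid = user_id.encode()
    msg = struct.pack(">QQBBH", device_id, start_epoch, validity_code,
                      function_code, len(uid)) + uid
    digest = hmac.new(master_key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F              # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


def candidate_windows(now):
    """Every (start, validity_code) whose window [start, start + length) contains now."""
    for vcode, length in VALIDITY.items():
        first = ((now - length) // SLOT + 1) * SLOT
        for start in range(first, now + 1, SLOT):
            yield start, vcode


class Firmware:
    """Offline verifier: holds only its own id and master key, no user database."""

    def __init__(self, device_id, master_key):
        self.device_id = device_id
        self.master_key = master_key
        self.used = set()       # windows already redeemed, so a code works once
        self.failures = 0

    def verify(self, user_id, dialed, function_code, now):
        if self.failures >= MAX_FAILURES:
            return False        # locked out (assumed policy)
        for start, vcode in candidate_windows(now):
            expected = derive_code(self.master_key, self.device_id, user_id,
                                   start, vcode, function_code)
            if hmac.compare_digest(expected.encode(), dialed.encode()):
                token = (user_id, start, vcode, function_code)
                if token in self.used:
                    break       # replay of an already used code
                self.used.add(token)
                self.failures = 0
                return True
        self.failures += 1
        return False


if __name__ == "__main__":
    key, dev = bytes(range(32)), 0x1001     # constructed master key and unique id
    start = 1_888_889 * SLOT                # constructed, slot-aligned start time
    code = derive_code(key, dev, "4821", start, 2, FUNC_DISARM)
    fw = Firmware(dev, key)
    print(code, fw.verify("4821", code, FUNC_DISARM, start + 1800))   # accepted
    print(fw.verify("4821", code, FUNC_DISARM, start + 1900))         # replay rejected
```

Because the firmware in this sketch is not told the start time or validity period, it accepts any of 21 candidate windows, so a random 8-digit guess succeeds with probability 21 in 10^8 per attempt. Fewer validity codes or a longer code lower that figure, and the failure limit bounds the number of attempts.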

Claims

1- The invention is about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application or to a cloud service without requiring their registrations to each alarm panel and through a wired connection switching their statuses to on/off (arm/disarm) by using one time codes. The system subject to the invention can be used with any alarm panel; and the system is comprised of access control electronic circuit (1), an embedded software (2), a keypad (3), an alarm panel (4), a central access control management application (5), a desktop device management application (6), a remote monitoring and management application (7), a mobile application (8), a contactless identity card (9), a door with lock (10), a user of the central access control management application (11), a code user (12), a one-time code (13), an alarm panel's remote monitoring and management application (14), an alarm panel's remote monitoring centre (15), a personnel registration number (16), a personal identification number (PIN) (17), a short message (SMS) (18), an interactive voice response system (IVR) (19), a voice call (20), a web service (21), an e-mail (22), and an internet/local network (23) system.
2- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that the invention has a system and method applicable to all kinds of alarm panels.
3- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that the invention removes the obligation to identify a limited number of users in every alarm panel and enables the process of adding/removing an indefinite number of users to only a central server application.
4- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that alarm statuses of alarm panels can be switched on/off (arm/disarm) by a one time code method based on the person, place, time, duration and function, instead of switching on/off with fixed passwords.
5- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that while the invention makes the authentication offline with a one time code without need to a network connection, it can make a detailed and real time notification about its status over a network connection and it can be remotely monitored and managed.
6- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that it can communicate with the Alarm Panel's Remote Monitoring and Management Application and notifies the information about the identity of an unlimited number of users, their valid or invalid code entry attempts and their access times.
7- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that it has the feature to both switch off the alarm of an alarm panel and at the same time, open the door automatically after entering a valid one time code.
8- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that using the PIN information as well as a contactless identity card supporting Mifare/RFID/HID and/or a personnel registration number in order to verify the person who will switch off the alarm of alarm panel.
9- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that executing any function at the access control electronic circuit and its embedded firmware requires authentication of a special one time code generated specific to the selected function.
10- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that it notifies attacks such as disabling, tampering or damaging the Access Control Electronic Circuit, to the alarm panel as an alarm case.
11- This is related to the system and method about ensuring unlimited number of users' access to alarm panels by registering the users only to a central server application set forth in Claim 1 and is characterized by that the system has a specially designed and developed Access Control Electronic Circuit (1) and an embedded software (2) uploaded to this circuit.
PCT/TR2017/000126 2016-11-18 2017-11-20 System and method for centrally managing unlimited number of users' access to alarm panels WO2018231163A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2016/16793 2016-11-18
TR2016/16793A TR201616793A2 (en) 2016-11-18 2016-11-18 SYSTEM AND METHOD OF MANAGING UNLIMITED USER ACCESS TO ALARM PANELS FROM THE CENTER

Publications (2)

Publication Number Publication Date
WO2018231163A2 true WO2018231163A2 (en) 2018-12-20
WO2018231163A3 WO2018231163A3 (en) 2019-01-17

Family

ID=64660547

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2017/000126 WO2018231163A2 (en) 2016-11-18 2017-11-20 System and method for centrally managing unlimited number of users' access to alarm panels

Country Status (2)

Country Link
TR (1) TR201616793A2 (en)
WO (1) WO2018231163A2 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2009200408B2 (en) * 2006-09-12 2012-05-10 Cpc Patent Technologies Pty Ltd Password generator
US8957757B1 (en) * 2010-10-28 2015-02-17 Alarm.Com Incorporated Access management and reporting technology
DK3272101T3 (en) * 2015-03-20 2020-03-02 Aplcomp Oy Audiovisual associative authentication method, corresponding system and apparatus

Also Published As

Publication number Publication date
WO2018231163A3 (en) 2019-01-17
TR201616793A2 (en) 2017-06-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17913298

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17913298

Country of ref document: EP

Kind code of ref document: A2