WO2019245383A1 - Improved access control system and a method thereof controlling access of persons into restricted areas - Google Patents

Improved access control system and a method thereof controlling access of persons into restricted areas Download PDF

Info

Publication number
WO2019245383A1
WO2019245383A1 PCT/NO2019/050130 NO2019050130W WO2019245383A1 WO 2019245383 A1 WO2019245383 A1 WO 2019245383A1 NO 2019050130 W NO2019050130 W NO 2019050130W WO 2019245383 A1 WO2019245383 A1 WO 2019245383A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
access control
smart phone
code
door
Prior art date
Application number
PCT/NO2019/050130
Other languages
French (fr)
Inventor
Knut Harald Helgesen
Original Assignee
Detec As
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Detec As filed Critical Detec As
Priority to EP19823602.8A priority Critical patent/EP3811339A4/en
Publication of WO2019245383A1 publication Critical patent/WO2019245383A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/26Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity

Definitions

  • the present invention is related to an access control system and a method thereof, and especially to an access control system and method thereof comprising an access application program enabling a smart phone to function as an access card of the access control system.
  • Access control of employees and visitors entering residential areas and/or buildings is common.
  • the access policy can be only to count the number of people moving in and out of the building, for example if the "company" is an open and free museum. If entrance to for example the museum requires payment of tickets, the access control is just a check of valid tickets.
  • access control may require a security level identifying people that are authorized and authenticated to be allowed to enter the research facility, for example to prevent theft of sensitive research data, and also restricting access only to people that are qualified to handle for example dangerous materials (radioactive material, microorganisms etc.).
  • a common access control method is to issue access cards for example comprising information identifying the carrier of the card as an employee having a certain access level to the building.
  • the card is used at access card terminals located besides doors, and when a valid access card is read at the door terminal (via for example NFC communication) the door is opened.
  • Visitors usually makes an approach to a reception area, wherein a receptionist makes a call to a contact person the visitor is informed to contact when arriving.
  • the contact person can then come to the reception area and guide the person inside the building to for example a meeting room, or the contact person authorize the receptionist to print out an access card to the visitor.
  • Such visitor cards are usually valid only for a limited time (i.e. the duration of the visit).
  • Loss of an access card can be a problem. Therefore, further methods of enhancing the protection against misuse of lost access cards is common. For example, access cards used at door terminals can be qualified with a secret PIN code entered into the door terminal via a keypad.
  • Terminals may be configured to read out the identification information stored on an access card, which can be verified in an access control system connected to the door terminal.
  • Biometric data like fingerprint readers, retina scanners, three dimensional face recognition via video cameras etc. can also be used to qualify the identification information stored on the card.
  • a card is omitted and access is controlled only by retina scanning and/or finger print readings for example.
  • Traditional Access control systems may track a person at the access points, but normally not in between access points.
  • Traditional access control systems may not identify wherein a person is located inside the building before arriving at an access point using a specific access card issued to the person.
  • Traditional access control systems may not be able to verify the true identity of a person before being verified via for example a video camera or by security personnel looking at passports etc.
  • Patent application US 20130017812 A1 disclose a computer-implemented method and system providing remote access control of residential or office buildings.
  • the disclosed method allow employing virtual doorman functions in non- doorman buildings.
  • An example of a method may comprise steps of receiving a call signal from an intercom station; the call signal comprising a resident identifier which indicates a resident with whom a visitor is trying to communicate; receiving a video stream generated by at least one camera; the video stream comprising one or more images of the visitor; retrieving visitor data associated with the resident identifier; the visitor data comprising one or more visitor profiles; and providing access to the building for the visitor based upon one or more predetermined criteria.
  • This prior art system may also require extensive administration to maintain associations between visitor data and resident identifiers. If the security of the access control needs to be improved, this prior art system may rely on the more traditional access controls discussed above.
  • an access control system comprising an access server system in communication with a smart phone configured with an access application program configuring the smart phone to function as an access card.
  • an access control system controlling access of persons entering restricted areas comprising:
  • a door system configured to open or close an associated door or gate leading into the restricted area on command from an access server system
  • the door system comprises at least a door display located on a side of the door
  • the access server system displays a specific QR code on the door display, wherein the displayed QR code is changing whenever the door system is closing the door and is signalling the access server of the event of closing the door.
  • the invention is further providing a method of accessing a restricted area in an access control system comprising steps of:
  • the smart phone is configured to send the confirmation code to the door system over an established Bluetooth channel between the door system and the smart phone
  • the door system opens the door or gate associated with the door system.
  • FIG. 1 illustrate an example of embodiment of the present invention.
  • FIG. 1 illustrate further details of the example of embodiment illustrated in Figure 1.
  • FIG. 3 illustrate further details of the example of embodiment illustrated in Figure 1.
  • Figure 4 illustrates further detail of the example of embodiment illustrated in Figure 1.
  • Access control of restricted areas is at least a two-fold process. Firstly, it may involve verifying the identity of a person before the person is granted permission to enter the restricted area, i.e. that the person is who he says he is. Secondly, when entering a restricted area, it may be necessary to check or verify that the person entering a restricted area is the same person that was granted access to the restricted area, i.e. that the person trying to enter is not a different person pretending to be the person that was granted access to the restricted area.
  • the false passport is associated with a living person. If the passport is in the name of a non-existing person, online checking of the passport at a border crossing for example would reveal the false passport quickly. Therefore, the passport needs to be in the name of an existing person, which biometric data is known by the authority issuing the passport. If biometric data is controlled by comparing pre-stored biometric data in a central server system, and/or which are stored in a passport, with corresponding biometric data acquired at a control station, the corresponding biometric data of the physical person in question will probably reveal a false passport.
  • a passport used in verifying a person ' s identity by a private enterprise may be done on basis of the visible information written in the passport, and the information that can be read out from the embedded chip in the passport. Such operation should always be granted by the person in question in writing. Some jurisdiction may not allow this operation at all.
  • the visual inspection may comprise assessing if the date of birth corresponds with the apparent age of the physical person carrying the passport, etc.
  • a private enterprise can always ask a person to identify himself with a valid identification paper or card like a passport or a national identity card etc.
  • the identity paper can in any circumstances be copied by the private enterprise, which can be handed over to the police if it later on turns out that the person was having a false identity. Further, trained personnel of an enterprise can conduct visual inspections as discussed above.
  • An aspect of the present invention is to simplify the administrative aspect related to an access control system.
  • An aspect of the present invention is to allow respective persons (visitor and/or employees) to create their own verified access identity by using their own smart phone.
  • Access tokens like an access card can be advanced devices comprising embedded microelectronics, which for example can store biometric data.
  • Such cards are issued by a competent department of an enterprise, for example. A person need to show up in person and record details of who the person is etc. A verification is normally done of the authenticity of the person.
  • the access card is manufactured and made such that it will be difficult to copy a card to make a false access card.
  • the aspect of the present invention of using a smart phone as an access card makes it necessary, especially if the security level of an area is very high, to authenticate the smart phone as a genuine access card. Therefore, there are three possible authentication processes involved :
  • the system according to the present invention is based on a server/client model wherein the client is a smart phone installed with an access control application according to the present invention.
  • the access server (computer system) according to the present invention is controlled by a person or persons authorized to handle the access server system configured to control access of a specific geographical area, and/or a residential area and/or a building.
  • Figure 1 illustrate some respective system components and main communication flow between system components according to an example of embodiment of the present invention.
  • a communication channel is established between the smart phone and the access control server system of the present invention.
  • the access point 15 refer to a door locking/door opening mechanism or door system located at the door entrance.
  • the door lock is operated electronically as known in prior art.
  • the door locking system is located on both sides of the door.
  • a first step of controlling access through a door is to make sure the physical presence of the person trying to pass the door system, i.e. opening the door.
  • a door system at an access point 15 comprises at least a small display (not illustrated) beside the door.
  • the door display is in communication with an access server system 14, and the access server system 14 is displaying 11 a QR code 10 on the door display.
  • the access application program running in his smart phone in his smart phone may be configured to send 12 the QR code back to the server system 14.
  • the access server system 14 is changing the QR code 10 whenever the door is closed. Therefore, the feedback of the QR code 10 is a strong indication of physical presence of the person.
  • the QR code 10 can include for example comprise
  • the door system may comprise a Bluetooth transceiver, which may be interfaced to a local area network connected to the access control server 14. Thereby it is possible to set up a Bluetooth communication channel between a smart phone located close to the door of the access point 15 and the access control server 14.
  • Standard Bluetooth wireless radio range is normally maximum 10 meters. However, it is possible to shield a Bluetooth transceiver inside for example a door frame around the door at the access point 15. Thereby the Bluetooth range may be limited to a few meters. The point is that the Bluetooth communication can only take place when the person is standing rather close to the door. This is serving as a presence detection of the person in front of a specific door.
  • QR code 10 A security aspect of the use of a QR code 10 is the optical communication between the smart phone and the door locking system.
  • the optical communication over a short range, i.e. the distance between the smart phone and the display makes it difficult to spy or steal a specific QR code by a third person.
  • the recognition of the QR code can be sufficient to grant access for the person.
  • three dimensional face recognition can be used.
  • the access app instructs the person to start the video camera and make a video of the persons face seen from different angles (3D recognition).
  • the live video stream is sent 12 to the access server system 14 that returns an accept signal 13 to the smart phone.
  • the smart phone issues an open door command via fort example the Bluetooth communication channel.
  • the door is opened, the person passes the door, and the door closes and the access control server system 14 submits 11 a next QR code 10 to the display. It is also within the scope of the present invention to apply for example a fingerprint reader in an example of embodiment of a door system.
  • the person issues a request to the responsible department, i.e. the person or persons authorized to authenticate access to the requested object (building, residential area etc.), or directly by sending a message to the access server system 14 that can be configured to interpret requests for access.
  • the request is temporarily approved by transferring a link to the requesting person ' s smart phone comprising a link to an access server system 14 from which the requesting person can download the access control application, the access app, to his own smart phone.
  • identification details like phone number, photo of the persons face, date of birth, social security number etc. is available to the access server system, for example via Internet, from a database of the company comprising data about employees.
  • a door system according to the present invention may comprise a passport reader as found at airports.
  • the requesting person may receive a PIN code to his smart phone via e-mail or SMS for example, which is necessary to enter when starting configuring the access control application.
  • the access control application can automatically start a front side video camera on the phone instructing the requesting person to film himself by moving the camera around his face. Thereby, a three dimensional image of the requesting person's face is created. This image can then be stored in the access server system 14.
  • the level of scrutiny of the requesting person depends on the security level required at the premises protected by the access system. Therefore, in lower security level cases the temporarily approval can happen automatically without interference from any authorized persons controlling the access to the protected building or area. Basis for an interim or temporarily approval can be provided for by a PIN code sent the requesting person as discussed above.
  • a visitor can receive a link to the access control application by an employee or any other trusted person in an organization comprising a link to a server system, for example the access control server system 14, from which the visitor can download the access application program according to the present invention.
  • Figure 2 illustrate a flow of steps when registering an employee provided with the access app according to the present invention.
  • a human resource department will enter personal data 20 related to the employee in an employee database. Copies of identification papers like drivers licence, passports etc. 21 may also be added. Then the company assign and define authorization rules and access rules 22 for the specific employee, i.e. at which security level the employee will function. The first time the employee is registered, an e-mail with username and encrypted password will be sent to the employee enabling the employee to download the access app 23 and start configuring the access app.
  • Respective authorization rules and access rules will be downloaded to respective door systems thereby being configured to allow passage of the employee through respective doors according to the defined access rules of the employee. For example, which area of a building the employee has access, or which areas of the building the employee is denied access.
  • Figure 3 disclose flow of steps for a visitor.
  • a visitor is usually in contact with an employee that will accept a visit from the visitor.
  • the flow represent a simple process of gaining access to the company or organization the visitor plans to visit.
  • the reason behind this is the ability of the combined functionality of the access app and the access server according to the present invention to install access rules residing in door systems.
  • Some personal data 30 of the visitor is necessary to enter together with for example date of the visit and the hours of the day the planned visit will occur. Thereby, the access application program of the visitor is valid only during a narrow time window on a specific day.
  • the visitor receives 31 for example an SMS with a link to the access application access program and authorization code, for example a PIN code, which enables the visitor to download the access application program to his smart phone.
  • authorization code for example a PIN code
  • Figure 4 illustrate a flow diagram representing process steps implemented in the access app, and how the access app communicate with an access server according to the present invention thereby providing functionality as discussed above of the door system and respective access rules.
  • the access "card” is a smart phone
  • tracking of movement of the smart phone inside buildings is possible, for example monitoring GPS positions sent from the smart phone, or by using Internet access points of local area networks to identify positions.
  • the access server 15 may be configured to plot movements on a map depicting the interior of the building.
  • an accelerometer of a smart phone may track movement patterns of a person. Such movements may be individual if a person has suffered some accident or illness that has caused permanent damage to a limb etc., and can be detected in a movement pattern recognition process, wherein a measured movement pattern identified by accelerometer values is compared with previously recorded movement patterns of the same person. This can be part of a further step of verifying the identity of a person.
  • the accelerometer measurements may also reveal if a person is running, which may be portrayed has a suspicious act by the access control server system 14.
  • the access control server system 14 may be configured to identify such a situation and generating a warning to security officers on the premises of the access system according to the present invention. It is also within the scope of the present invention to use voice recognition processes when authenticating a person.
  • the door system according to the present invention is equipped with a battery backup providing emergency power.
  • a copy of the access data, i.e. access rules etc. is stored locally in a computer system located at the door system. Thereby a person can use the access app and be allowed to pass a door.
  • the access server system 14 may be configured to open up all doors and gates in the building. It is also possible to have a smoke and fire detector system nearby respective doors. When a fire, or a possible fire is detected nearby the door, the door system opens up the doors.
  • Some of the tools used in respective examples of embodiments of the present invention are commercial available.
  • face recognition programs that may be used is for example Google MLKIT and Azure Face API.
  • the first step discussed above of verifying a person ' s identity is performed after a person has passed an access controlled door and closed the door again. If the identity should be revealed as false, the access control system according to the present invention can automatically call the police and will not open the door again before police is present.
  • a first step according to the present invention is to give a person access to the access application converting the persons smart phone into an access card or access token.
  • Restricted areas having a lower security requirement may utilize the example of embodiment according to the present invention as discussed with reference to Figure 1. If a higher security level is required, the example of embodiment discussed with reference to Figure 1 will always be a starting point, and additional control mechanisms is built as additional features of the example disclosed in Figure 1.
  • a first QR code 10 displayed on the door panel may comprise instructions for establishing a short range Bluetooth communication channel between the door system comprising a Bluetooth transceiver and the access control server system 14 over a local area network.
  • the Bluetooth communication channel is established when the first QR code is interpreted, via a photo of the QR code, by the access application program running in the smart phone.
  • the access server system 14 may be configured to read out the telephone number from the phone over the Bluetooth communication channel. The phone number can then be compared with respective phone numbers used when access applications has been downloaded into respective smart phones. If the phone number of the smart phone is among the phones being configured with the access applications, the access server system 14 knows that this phone belongs to a person that has been in contact and has been granted to receive the access application and configures the smart phone as an access card or access token.
  • the downloaded access application may be tailored with some specific information the person downloading the application is not aware of.
  • a specific secret user identity which can be an encrypted code, used within the access control system of the present invention for each person requesting a download of the access application, which can be embedded in the downloaded code.
  • a specific user identity code may only be generated after the person in question has provided strong identification of who he is, for example providing details of a passport.
  • the telephone number is something the person has (ref. 2 above).
  • the secret user identification is something the person has indirectly when downloading the access application from the application server system 15.
  • the telephone number is transmitted from the phone via the Bluetooth connection and fulfils requirement 2).
  • Requirement 1 can be fulfilled with a one-time password qualified by a PIN code known by the user.
  • the one-time code should be related to the unique secret user identity thereby making it difficult to utilize a stolen PIN code of another person that has been granted access.
  • the access control server system 14 When the first QR code 10 is photographed by the user with the user ' s smart phone camera, the access control server system 14 knows the identity of the person by searching the phone number among the phone numbers used when downloading the access application to respective phones. Then the secret user identity is also revealed to the access server system 14. The access server system may then be configured to generate a second QR code 10 ' being an instruction to the access application program to generate a one-time password. The access application in the smart phone is configured to generate a one-time password when the user has photographed the second QR code with the instruction of generating the one-time password, and when the person enters for example a one-time PIN code.
  • the one- time PIN code can be issued and sent to the smart phone in an SMS message, or via the Bluetooth connection, at the same time the second QR message is displayed.
  • the one-time password is generated based on the secret user identity embedded into the access application.
  • the one-time password is sent to the access control server 14 via the established Bluetooth communication channel. In this manner the requirement 1) is fulfilled.
  • the actual encryption and decryption algorithm can be one of several prior art encryption/decryption schemes.
  • the one-time password is then transmitted over the Bluetooth communication channel back to the access server system 14, which is configured to verify the one-time password. If the one-time password is correct the access control server system 14 issues a command opening the door.
  • the optical aspect of photographing the first and second QR codes on the display on the side of the door prevents any form of sniffing or spying or copying sensitive information that could be used to fake an entry into a restricted area. Further, a designed short range of the Bluetooth communication range ensures that the person is close to the door.
  • the access system of the present invention allows a person to enter a door, wherein a scrutiny of the person ' s identity can be verified on the inside of the door after the door has closed, for example by examining a passport or a national identity card.
  • an access control system comprises an access control server system (14), an access application program running in a smart phone, wherein the access application program
  • the access point (15) comprises:
  • the door display is configured to display a first QR code issued (11) by the access control server system (14), wherein the first QR code (10) is conveyed to the access application program via a photography of the first QR code taken with a camera of the smart phone, wherein the first QR code (10) comprises instructions for configuring a
  • Bluetooth communication channel between the smart phone and the Bluetooth connection point and the access control server system (14), and the application control server system (14) is further configured to display a second QR code (10) on the door display comprising commands to the access application program running in the smart phone to generate a one-time password,
  • the second QR code is conveyed to the access application program via the camera of the smart phone, the generated one-time password is sent back to the access control server system (14) via the established Bluetooth communication channel, the access control server system (14) is configured to open the door or gate if the one-time password is controlled to be correct.
  • the displayed first QR code may change whenever the door is detected to be closing.
  • the access control server (14) may be configured to open a controlled door when the access application program running in the smart phone is sending back (12) an image of the first QR code via the Bluetooth communication channel to the access control server system (14).
  • the access application program running in the smart phone may configured to issue a command to the door for opening the door over the established Bluetooth communication channel when the access control server system (14) signals back an approval of access via the access point (15). Further, allowed access of a person may be based on an identity of the smart phone and the content of the first QR code received back from the smart phone.
  • the smart phone identity may be the phone number of the smart phone.
  • the displayed first QR code may comprise a verification code of the door or gate location inside the restricted area.
  • the generation of the one-time password may happen when a person associated with the smart phone enters a one-time PIN code received from the access control server (14) via an SMS message, or via the Bluetooth communication channel.
  • the access application program may be configured to instruct a person associated with a specific smart phone in communication with the door system to record a video stream of the persons face, and to transmit the video stream to the access server system(15) for a three dimensional face recognition process.
  • the door system may comprise a finger print reader.
  • the access application program may be configured to instruct a person associated with a specific smart phone in communication with the door system to record the voice of the person, and to transmit the voice stream to the access control server system(14) for a voice recognition process, wherein the access control server system has a pre-stored voice record of the person.
  • the access application program may be configured to send accelerometer values to the access control server system (14), thereby enabling recognition of specific movement patterns of a person carrying a smart phone.
  • AN example of embodiment of the present invention comprises a computer implemented method of granting access to a restricted area controlled by an access control server system (14), comprising steps of: - configuring a smart phone to act as an access card or access token via an access application program running in the smart phone,
  • the first QR code comprises instructions to the smart phone, wherein the smart phone is configured to interpret a photo of the first QR code thereby identifying the instructions submitted in the QR code
  • the instructions in the first QR code configures a communication channel between the smart phone and the access control server system (14),
  • the access control server system (14) decides based on the outcome of the verification of the one-time code to open the access point (15).
  • the one-time code may be generated based on an identity of the smart phone comprising the telephone number of the smart phone.
  • the one-time code may be generated based on a secret user identity generated by the access control server system (14) and being embedded into the access application program when the access application program is downloaded into a smartphone.
  • downloading of the access application program may be authorised by a security department of an enterprise using an access control system according to the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)
  • Telephonic Communication Services (AREA)
  • Lock And Its Accessories (AREA)

Abstract

An access control system controlling access to a restricted area of people is disclosed. An access server system is in communication with door systems configures to open or close doors associated with respective door systems. An access application program is downloaded to respective smart phones of people seeking access to the restricted area. The access application transform the smart phone into an active dynamic type of access card.

Description

Improved access control system and a method thereof controlling access of persons into restricted areas.
FIELD OF THE INVENTION
The present invention is related to an access control system and a method thereof, and especially to an access control system and method thereof comprising an access application program enabling a smart phone to function as an access card of the access control system.
BACKGROUND OF THE INVENTION
Access control of employees and visitors entering residential areas and/or buildings is common. Dependent on a security level of for example a company inside a building, the access policy can be only to count the number of people moving in and out of the building, for example if the "company" is an open and free museum. If entrance to for example the museum requires payment of tickets, the access control is just a check of valid tickets.
If the building houses an advanced research facility, access control may require a security level identifying people that are authorized and authenticated to be allowed to enter the research facility, for example to prevent theft of sensitive research data, and also restricting access only to people that are qualified to handle for example dangerous materials (radioactive material, microorganisms etc.).
It is also common to have areas inside buildings with different security levels. If a specific visitor, entering a high security facility is there to present some new products, access to a special low-level security room designed for ordinary visitors can be used. Therefore, allocating physical electronical access control systems at doors inside buildings enables the possibility of differentiating access control levels of different areas inside buildings.
It is also possible to restrict movement inside buildings to be in one direction. If a person turns around and tries to pass a door the person just walked through, an electronic access control system at the door can prevent the person to go back through the door. A common access control method is to issue access cards for example comprising information identifying the carrier of the card as an employee having a certain access level to the building. The card is used at access card terminals located besides doors, and when a valid access card is read at the door terminal (via for example NFC communication) the door is opened.
Visitors usually makes an approach to a reception area, wherein a receptionist makes a call to a contact person the visitor is informed to contact when arriving. The contact person can then come to the reception area and guide the person inside the building to for example a meeting room, or the contact person authorize the receptionist to print out an access card to the visitor. Such visitor cards are usually valid only for a limited time (i.e. the duration of the visit).
Loss of an access card can be a problem. Therefore, further methods of enhancing the protection against misuse of lost access cards is common. For example, access cards used at door terminals can be qualified with a secret PIN code entered into the door terminal via a keypad.
Terminals may be configured to read out the identification information stored on an access card, which can be verified in an access control system connected to the door terminal.
Biometric data like fingerprint readers, retina scanners, three dimensional face recognition via video cameras etc. can also be used to qualify the identification information stored on the card. In some instances, a card is omitted and access is controlled only by retina scanning and/or finger print readings for example.
Traditional Access control systems may track a person at the access points, but normally not in between access points.
Traditional access control systems may not identify wherein a person is located inside the building before arriving at an access point using a specific access card issued to the person. Traditional access control systems may not be able to verify the true identity of a person before being verified via for example a video camera or by security personnel looking at passports etc.
Traditional access control systems are usually expensive when a high level of access security is required.
Patent application US 20130017812 A1 disclose a computer-implemented method and system providing remote access control of residential or office buildings. The disclosed method allow employing virtual doorman functions in non- doorman buildings. An example of a method may comprise steps of receiving a call signal from an intercom station; the call signal comprising a resident identifier which indicates a resident with whom a visitor is trying to communicate; receiving a video stream generated by at least one camera; the video stream comprising one or more images of the visitor; retrieving visitor data associated with the resident identifier; the visitor data comprising one or more visitor profiles; and providing access to the building for the visitor based upon one or more predetermined criteria.
This prior art system may also require extensive administration to maintain associations between visitor data and resident identifiers. If the security of the access control needs to be improved, this prior art system may rely on the more traditional access controls discussed above.
Therefore, there is a need of an improved method and system thereof providing secure access to restricted areas without undue administration.
OBJECT OF THE INVENTION
It is a further object of the present invention to provide an alternative to the prior art.
In particular, it may be seen as an object of the present invention to provide an access control system comprising an access server system in communication with a smart phone configured with an access application program configuring the smart phone to function as an access card. SUMMARY OF THE INVENTION
Thus, the above described object and several other objects are intended to be obtained in a first aspect of the invention by providing an access control system controlling access of persons entering restricted areas comprising :
a door system configured to open or close an associated door or gate leading into the restricted area on command from an access server system, wherein the door system comprises at least a door display located on a side of the door, wherein the access server system displays a specific QR code on the door display, wherein the displayed QR code is changing whenever the door system is closing the door and is signalling the access server of the event of closing the door.
The invention is further providing a method of accessing a restricted area in an access control system comprising steps of:
- downloading an access application program to a smart phone,
- sending an authorization code from an access server system to the smart phone,
- configuring the access application program using the received
authorization code,
- scan a QR code displayed on a door display with the smart phone,
- send the scanned QR code back to the access server system,
receiving a confirmation code from the access server system confirming grant of access,
- the smart phone is configured to send the confirmation code to the door system over an established Bluetooth channel between the door system and the smart phone,
- the door system opens the door or gate associated with the door system.
Respective aspects of the present invention may each be combined with any of the other aspects. These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter. DESCRIPTION OF THE FIGURES
Figure 1 illustrate an example of embodiment of the present invention.
Figure 2 illustrate further details of the example of embodiment illustrated in Figure 1.
Figure 3 illustrate further details of the example of embodiment illustrated in Figure 1.
Figure 4 illustrates further detail of the example of embodiment illustrated in Figure 1.
The access control system and method thereof according to the present invention will now be described in more detail with reference to the accompanying figures. The accompanying figures illustrates an example of embodiment of the present invention and is not to be construed as being limiting to other possible embodiments falling within the scope of the attached claim set.
DETAILED DESCRIPTION OF AN EMBODIMENT
Although the present invention has been described in connection with the specified embodiments, it should not be construed as being in any way limited to the presented examples. The scope of the present invention is set out by the
accompanying claim set. In the context of the claims, the terms "comprising" or "comprises" do not exclude other possible elements or steps. The mentioning of references such as "a" or "an" etc. should not be construed as excluding a plurality. The use of reference signs in the claims with respect to elements indicated in the figures shall also not be construed as limiting the scope of the invention.
Furthermore, individual features mentioned in different claims, may possibly be advantageously combined, and the mentioning of these features in different claims does not exclude that a combination of features is not possible and advantageous.
Access control of restricted areas is at least a two-fold process. Firstly, it may involve verifying the identity of a person before the person is granted permission to enter the restricted area, i.e. that the person is who he says he is. Secondly, when entering a restricted area, it may be necessary to check or verify that the person entering a restricted area is the same person that was granted access to the restricted area, i.e. that the person trying to enter is not a different person pretending to be the person that was granted access to the restricted area.
The process of verifying a person 's identity is regulated by common law in many countries. Normally, a private enterprise is not permitted to gain access to
information registered by authorities like the passport authority or police in the country of origin of the person in question.
However, we all have passports issued by authorities that guaranty the authenticity of the physical person carrying the passport. Modern passports has embedded chip technology that may comprise biometric data of the person, for example finger prints. Therefore, a passport is normally regarded to be a good verification
mechanism of the true identity of a person.
It is known how to make false passports. One requirement is that the false passport is associated with a living person. If the passport is in the name of a non-existing person, online checking of the passport at a border crossing for example would reveal the false passport quickly. Therefore, the passport needs to be in the name of an existing person, which biometric data is known by the authority issuing the passport. If biometric data is controlled by comparing pre-stored biometric data in a central server system, and/or which are stored in a passport, with corresponding biometric data acquired at a control station, the corresponding biometric data of the physical person in question will probably reveal a false passport.
Private enterprises do not have access to pre-stored biometric data in a server of the passport authorities. Therefore, a passport used in verifying a person 's identity by a private enterprise may be done on basis of the visible information written in the passport, and the information that can be read out from the embedded chip in the passport. Such operation should always be granted by the person in question in writing. Some jurisdiction may not allow this operation at all. The visual inspection may comprise assessing if the date of birth corresponds with the apparent age of the physical person carrying the passport, etc. There are several other features of passports or national identification papers or cards trained inspectors can learn about and use when visually controlling for example passports. Anyhow, a private enterprise can always ask a person to identify himself with a valid identification paper or card like a passport or a national identity card etc. The identity paper can in any circumstances be copied by the private enterprise, which can be handed over to the police if it later on turns out that the person was having a false identity. Further, trained personnel of an enterprise can conduct visual inspections as discussed above.
It is also possible to make a photo of any person or visitor entering the premises of a private enterprise, for example when issuing an interim or temporary access card. Such photos can be stored and used if it later on turns out that the identity of the person or visitor was false.
The application and level of scrutiny of persons when granting access is closely linked to the nature of the restricted area in question, i.e. the level of security that is required when protecting a restricted area.
What is obvious from the above description is that managing an access control system providing controlled access to restricted areas can involve a lot of
administrative work and scrutiny of persons before issuing any form of access tokens used when accessing restricted areas in question.
An aspect of the present invention is to simplify the administrative aspect related to an access control system.
An aspect of the present invention is to allow respective persons (visitor and/or employees) to create their own verified access identity by using their own smart phone.
Access tokens like an access card can be advanced devices comprising embedded microelectronics, which for example can store biometric data. Such cards are issued by a competent department of an enterprise, for example. A person need to show up in person and record details of who the person is etc. A verification is normally done of the authenticity of the person. The access card is manufactured and made such that it will be difficult to copy a card to make a false access card.
The aspect of the present invention of using a smart phone as an access card makes it necessary, especially if the security level of an area is very high, to authenticate the smart phone as a genuine access card. Therefore, there are three possible authentication processes involved :
1) Authenticate that a person is who the person says he is.
2) Authenticate access of the person into a restricted area.
3) Authenticate a smart phone used by the person as an access token when accessing a restricted area.
The system according to the present invention is based on a server/client model wherein the client is a smart phone installed with an access control application according to the present invention.
The access server (computer system) according to the present invention is controlled by a person or persons authorized to handle the access server system configured to control access of a specific geographical area, and/or a residential area and/or a building.
Figure 1 illustrate some respective system components and main communication flow between system components according to an example of embodiment of the present invention.
The first time an employee or a visitor is authorized (collectively referred to as a person below) to enter a restricted area, a communication channel is established between the smart phone and the access control server system of the present invention.
The process of acquiring a smart phone based access app is disclosed further below.
In Figure 1, the access point 15 refer to a door locking/door opening mechanism or door system located at the door entrance. In such systems the door lock is operated electronically as known in prior art. In some instances, the door locking system is located on both sides of the door.
A first step of controlling access through a door (or gate) is to make sure the physical presence of the person trying to pass the door system, i.e. opening the door. A door system at an access point 15 according to the present invention comprises at least a small display (not illustrated) beside the door. The door display is in communication with an access server system 14, and the access server system 14 is displaying 11 a QR code 10 on the door display. The person seeking
authorization to pass the door is then using the camera of his smart phone to make a photo of the QR code 10. The access application program running in his smart phone in his smart phone may be configured to send 12 the QR code back to the server system 14.
The access server system 14 is changing the QR code 10 whenever the door is closed. Therefore, the feedback of the QR code 10 is a strong indication of physical presence of the person. The QR code 10 can include for example comprise
instructions for setting up a Bluetooth connection between the smart phone and the door system of the access point 15. The door system may comprise a Bluetooth transceiver, which may be interfaced to a local area network connected to the access control server 14. Thereby it is possible to set up a Bluetooth communication channel between a smart phone located close to the door of the access point 15 and the access control server 14. Standard Bluetooth wireless radio range is normally maximum 10 meters. However, it is possible to shield a Bluetooth transceiver inside for example a door frame around the door at the access point 15. Thereby the Bluetooth range may be limited to a few meters. The point is that the Bluetooth communication can only take place when the person is standing rather close to the door. This is serving as a presence detection of the person in front of a specific door.
A security aspect of the use of a QR code 10 is the optical communication between the smart phone and the door locking system. The optical communication over a short range, i.e. the distance between the smart phone and the display makes it difficult to spy or steal a specific QR code by a third person.
At a lower security level, the recognition of the QR code can be sufficient to grant access for the person. At a higher security level, three dimensional face recognition can be used. For example, the access app instructs the person to start the video camera and make a video of the persons face seen from different angles (3D recognition). The live video stream is sent 12 to the access server system 14 that returns an accept signal 13 to the smart phone. The smart phone issues an open door command via fort example the Bluetooth communication channel. The door is opened, the person passes the door, and the door closes and the access control server system 14 submits 11 a next QR code 10 to the display. It is also within the scope of the present invention to apply for example a fingerprint reader in an example of embodiment of a door system.
Whenever a person needs access, the person issues a request to the responsible department, i.e. the person or persons authorized to authenticate access to the requested object (building, residential area etc.), or directly by sending a message to the access server system 14 that can be configured to interpret requests for access. The request is temporarily approved by transferring a link to the requesting person 's smart phone comprising a link to an access server system 14 from which the requesting person can download the access control application, the access app, to his own smart phone.
If the requesting person is an employee, identification details like phone number, photo of the persons face, date of birth, social security number etc. is available to the access server system, for example via Internet, from a database of the company comprising data about employees.
Even if the person is an employee of an institution having an extremely high security level, some caution of approving access for any person is necessary since for example a phone belonging to an employee may be stolen. Therefore, performing some steps confirming the identity of the requesting person can be necessary. For example, a door system according to the present invention may comprise a passport reader as found at airports.
When a person is receiving the link to the access app, the requesting person may receive a PIN code to his smart phone via e-mail or SMS for example, which is necessary to enter when starting configuring the access control application. The access control application can automatically start a front side video camera on the phone instructing the requesting person to film himself by moving the camera around his face. Thereby, a three dimensional image of the requesting person's face is created. This image can then be stored in the access server system 14.
The level of scrutiny of the requesting person depends on the security level required at the premises protected by the access system. Therefore, in lower security level cases the temporarily approval can happen automatically without interference from any authorized persons controlling the access to the protected building or area. Basis for an interim or temporarily approval can be provided for by a PIN code sent the requesting person as discussed above.
If the requester is a visitor, any personal data is seldom stored at the premises the visitor plans to visit.
According to an aspect of the present invention, a visitor can receive a link to the access control application by an employee or any other trusted person in an organization comprising a link to a server system, for example the access control server system 14, from which the visitor can download the access application program according to the present invention.
Figure 2 illustrate a flow of steps when registering an employee provided with the access app according to the present invention.
A human resource department will enter personal data 20 related to the employee in an employee database. Copies of identification papers like drivers licence, passports etc. 21 may also be added. Then the company assign and define authorization rules and access rules 22 for the specific employee, i.e. at which security level the employee will function. The first time the employee is registered, an e-mail with username and encrypted password will be sent to the employee enabling the employee to download the access app 23 and start configuring the access app.
Respective authorization rules and access rules will be downloaded to respective door systems thereby being configured to allow passage of the employee through respective doors according to the defined access rules of the employee. For example, which area of a building the employee has access, or which areas of the building the employee is denied access.
Figure 3 disclose flow of steps for a visitor. As discussed above, a visitor is usually in contact with an employee that will accept a visit from the visitor. As illustrated in Figure 3, the flow represent a simple process of gaining access to the company or organization the visitor plans to visit. The reason behind this is the ability of the combined functionality of the access app and the access server according to the present invention to install access rules residing in door systems. Some personal data 30 of the visitor is necessary to enter together with for example date of the visit and the hours of the day the planned visit will occur. Thereby, the access application program of the visitor is valid only during a narrow time window on a specific day.
The visitor receives 31 for example an SMS with a link to the access application access program and authorization code, for example a PIN code, which enables the visitor to download the access application program to his smart phone.
A picture or video of the visitor (taken by the visitor himself) 32 can be stored in the access control server system 14 and be used in a three dimensional face recognition process as discussed above when the visitor enters a door.
Figure 4 illustrate a flow diagram representing process steps implemented in the access app, and how the access app communicate with an access server according to the present invention thereby providing functionality as discussed above of the door system and respective access rules.
When the access "card" is a smart phone, tracking of movement of the smart phone inside buildings is possible, for example monitoring GPS positions sent from the smart phone, or by using Internet access points of local area networks to identify positions. The access server 15 may be configured to plot movements on a map depicting the interior of the building.
It is also possible to use an accelerometer of a smart phone to track movement patterns of a person. Such movements may be individual if a person has suffered some accident or illness that has caused permanent damage to a limb etc., and can be detected in a movement pattern recognition process, wherein a measured movement pattern identified by accelerometer values is compared with previously recorded movement patterns of the same person. This can be part of a further step of verifying the identity of a person. The accelerometer measurements may also reveal if a person is running, which may be portrayed has a suspicious act by the access control server system 14. The access control server system 14 may be configured to identify such a situation and generating a warning to security officers on the premises of the access system according to the present invention. It is also within the scope of the present invention to use voice recognition processes when authenticating a person.
Sometimes power is lost in a building, or there is an emergency incident, for example fire in the building. The door system according to the present invention is equipped with a battery backup providing emergency power. In addition, a copy of the access data, i.e. access rules etc. is stored locally in a computer system located at the door system. Thereby a person can use the access app and be allowed to pass a door.
When there is a fire, the access server system 14 may be configured to open up all doors and gates in the building. It is also possible to have a smoke and fire detector system nearby respective doors. When a fire, or a possible fire is detected nearby the door, the door system opens up the doors.
Some of the tools used in respective examples of embodiments of the present invention are commercial available. For example, face recognition programs that may be used is for example Google MLKIT and Azure Face API.
According to an aspect of the present invention, the first step discussed above of verifying a person 's identity is performed after a person has passed an access controlled door and closed the door again. If the identity should be revealed as false, the access control system according to the present invention can automatically call the police and will not open the door again before police is present.
Therefore, a first step according to the present invention is to give a person access to the access application converting the persons smart phone into an access card or access token.
The actual use and access processes in front of an access point according to present invention requires different procedures related to the required security level of the restricted area the access point 15 is guarding.
Restricted areas having a lower security requirement may utilize the example of embodiment according to the present invention as discussed with reference to Figure 1. If a higher security level is required, the example of embodiment discussed with reference to Figure 1 will always be a starting point, and additional control mechanisms is built as additional features of the example disclosed in Figure 1.
An aspect of the example discussed in Figure 1 is the detection of the physical presence of a person in front of a door. The next steps may be to verify that the person present in front of the door corresponds to the person that requested the access app residing in his smart phone. As discussed above, a first QR code 10 displayed on the door panel may comprise instructions for establishing a short range Bluetooth communication channel between the door system comprising a Bluetooth transceiver and the access control server system 14 over a local area network.
The Bluetooth communication channel is established when the first QR code is interpreted, via a photo of the QR code, by the access application program running in the smart phone.
The access server system 14 may be configured to read out the telephone number from the phone over the Bluetooth communication channel. The phone number can then be compared with respective phone numbers used when access applications has been downloaded into respective smart phones. If the phone number of the smart phone is among the phones being configured with the access applications, the access server system 14 knows that this phone belongs to a person that has been in contact and has been granted to receive the access application and configures the smart phone as an access card or access token.
According to an aspect of the present invention, the downloaded access application may be tailored with some specific information the person downloading the application is not aware of. For example, a specific secret user identity, which can be an encrypted code, used within the access control system of the present invention for each person requesting a download of the access application, which can be embedded in the downloaded code.
A specific user identity code may only be generated after the person in question has provided strong identification of who he is, for example providing details of a passport. There is several known methods in prior art related to authenticating persons when accessing for example Internet banks. Such methods are often referred to as multi- factor authentication. The principle is that access is granted to a person only after the person has presented at least two pieces of evidence or factors to an
authentication mechanism. This can be:
1) something a user and only the user knows,
2) something a user have, or
3) something a user is.
With reference to the discussion above, the telephone number is something the person has (ref. 2 above). Also, the secret user identification is something the person has indirectly when downloading the access application from the application server system 15.
As mentioned above, the telephone number is transmitted from the phone via the Bluetooth connection and fulfils requirement 2).
Requirement 1) above can be fulfilled with a one-time password qualified by a PIN code known by the user. However, the one-time code should be related to the unique secret user identity thereby making it difficult to utilize a stolen PIN code of another person that has been granted access.
When the first QR code 10 is photographed by the user with the user 's smart phone camera, the access control server system 14 knows the identity of the person by searching the phone number among the phone numbers used when downloading the access application to respective phones. Then the secret user identity is also revealed to the access server system 14. The access server system may then be configured to generate a second QR code 10 ' being an instruction to the access application program to generate a one-time password. The access application in the smart phone is configured to generate a one-time password when the user has photographed the second QR code with the instruction of generating the one-time password, and when the person enters for example a one-time PIN code. The one- time PIN code can be issued and sent to the smart phone in an SMS message, or via the Bluetooth connection, at the same time the second QR message is displayed. The one-time password is generated based on the secret user identity embedded into the access application. The one-time password is sent to the access control server 14 via the established Bluetooth communication channel. In this manner the requirement 1) is fulfilled. The actual encryption and decryption algorithm can be one of several prior art encryption/decryption schemes. The one-time password is then transmitted over the Bluetooth communication channel back to the access server system 14, which is configured to verify the one-time password. If the one-time password is correct the access control server system 14 issues a command opening the door.
An important aspect of this manner of handling one-time passwords is that 1) the person must physically be present in front of the door the person wants to pass, and 2) the setup of the Bluetooth communication channel is via optical means, i.e.
photographing and processing an image of a first QR code on a display located on the side of the door, and 3) the optical communication via the second QR code of the one-time code initiation. The optical aspect of photographing the first and second QR codes on the display on the side of the door prevents any form of sniffing or spying or copying sensitive information that could be used to fake an entry into a restricted area. Further, a designed short range of the Bluetooth communication range ensures that the person is close to the door.
If the security level is very high, the access system of the present invention allows a person to enter a door, wherein a scrutiny of the person 's identity can be verified on the inside of the door after the door has closed, for example by examining a passport or a national identity card.
According to an example of embodiment of the present invention, an access control system comprises an access control server system (14), an access application program running in a smart phone, wherein the access application program
configures the smart phone to act as an access card or access token to be presented in front of an access point (15), wherein the access point (15) comprises:
- a door or gate, wherein opening and closing of the door or gate is
controlled via commands issued by the access server system (14),
- a door display located on a side of the door or gate,
- a Bluetooth connection point in communication with the access control server system (14) over a local area network, and the door display is configured to display a first QR code issued (11) by the access control server system (14), wherein the first QR code (10) is conveyed to the access application program via a photography of the first QR code taken with a camera of the smart phone, wherein the first QR code (10) comprises instructions for configuring a
Bluetooth communication channel between the smart phone and the Bluetooth connection point and the access control server system (14), and the application control server system (14) is further configured to display a second QR code (10) on the door display comprising commands to the access application program running in the smart phone to generate a one-time password,
wherein the second QR code is conveyed to the access application program via the camera of the smart phone, the generated one-time password is sent back to the access control server system (14) via the established Bluetooth communication channel, the access control server system (14) is configured to open the door or gate if the one-time password is controlled to be correct.
Further, the displayed first QR code may change whenever the door is detected to be closing.
Further, when a security level of a restricted access area permits less rigid access control, the access control server (14) may be configured to open a controlled door when the access application program running in the smart phone is sending back (12) an image of the first QR code via the Bluetooth communication channel to the access control server system (14).
Further, the access application program running in the smart phone may configured to issue a command to the door for opening the door over the established Bluetooth communication channel when the access control server system (14) signals back an approval of access via the access point (15). Further, allowed access of a person may be based on an identity of the smart phone and the content of the first QR code received back from the smart phone.
Further, the smart phone identity may be the phone number of the smart phone.
Further, the displayed first QR code may comprise a verification code of the door or gate location inside the restricted area.
Further, the generation of the one-time password may happen when a person associated with the smart phone enters a one-time PIN code received from the access control server (14) via an SMS message, or via the Bluetooth communication channel.
Further, the access application program may be configured to instruct a person associated with a specific smart phone in communication with the door system to record a video stream of the persons face, and to transmit the video stream to the access server system(15) for a three dimensional face recognition process.
Further, the door system may comprise a finger print reader.
Further, the access application program may be configured to instruct a person associated with a specific smart phone in communication with the door system to record the voice of the person, and to transmit the voice stream to the access control server system(14) for a voice recognition process, wherein the access control server system has a pre-stored voice record of the person.
Further, the access application program may be configured to send accelerometer values to the access control server system (14), thereby enabling recognition of specific movement patterns of a person carrying a smart phone.
AN example of embodiment of the present invention comprises a computer implemented method of granting access to a restricted area controlled by an access control server system (14), comprising steps of: - configuring a smart phone to act as an access card or access token via an access application program running in the smart phone,
- configuring an access point (15) with a door locking / door unlocking
system in communication with the access control server system (14),
- configuring the access control server system (14) to display an image
comprising a first QR code on a display located physically close to the access point (15), wherein the first QR code comprises instructions to the smart phone, wherein the smart phone is configured to interpret a photo of the first QR code thereby identifying the instructions submitted in the QR code,
- the instructions in the first QR code configures a communication channel between the smart phone and the access control server system (14),
- configuring the access control server system to display a second QR code comprising instructions to the smart phone, wherein the smart phone is configured to interpret a photo of the second QR code thereby identifying the instructions submitted in the second QR code,
- the instructions in the second QR code triggers the smart phone to
generate a one-time code and submit the one-time code to the access control server system (14) that verifies the one-time code,
- the access control server system (14) decides based on the outcome of the verification of the one-time code to open the access point (15).
Further, the one-time code may be generated based on an identity of the smart phone comprising the telephone number of the smart phone.
Further, the one-time code may be generated based on a secret user identity generated by the access control server system (14) and being embedded into the access application program when the access application program is downloaded into a smartphone.
Further, downloading of the access application program may be authorised by a security department of an enterprise using an access control system according to the present invention.

Claims

Claims:
1. An access control system comprising an access control server system (14), an access application program running in a smart phone, wherein the access application program configures the smart phone to act as an access card or access token to be presented in front of an access point (15), wherein the access point (15) comprises:
- a door or gate, wherein opening and closing of the door or gate is
controlled via commands issued by the access server system (14),
- a door display located on a side of the door or gate,
- a Bluetooth connection point in communication with the access control server system (14) over a local area network, and the door display is configured to display a first QR code issued (11) by the access control server system (14), wherein the first QR code (10) is conveyed to the access application program via a photography of the first QR code taken with a camera of the smart phone, wherein the first QR code (10) comprises instructions for configuring a
Bluetooth communication channel between the smart phone and the Bluetooth connection point and the access control server system (14), and the application control server system (14) is further configured to display a second QR code (10) on the door display comprising commands to the access application program running in the smart phone to generate a one-time password,
wherein the second QR code is conveyed to the access application program via the camera of the smart phone, the generated one-time password is sent back to the access control server system (14) via the established Bluetooth communication channel, the access control server system (14) is configured to open the door or gate if the one-time password is controlled to be correct.
2. The access system of claim 1, wherein the displayed first QR code is changing whenever the door is detected to be closing.
3. The access control system of claim 1, wherein, when a security level of a
restricted access area permits less rigid access control, the access control server (14) is configured to open a controlled door when the access application program running in the smart phone is sending back (12) an image of the first QR code via the Bluetooth communication channel to the access control server system (14).
4. The access control system of claim 3, wherein the access application program running in the smart phone is configured to issue a command to the door for opening the door over the established Bluetooth communication channel when the access control server system (14) signals back an approval of access via the access point (15).
5. The access control system of claim 3, wherein allowed access of a person is based on an identity of the smart phone and the content of the first QR code received back from the smart phone.
6. The access control system of claim 5, wherein the smart phone identity is the phone number of the smart phone.
7. The access control system of claim 1, wherein the displayed first QR code comprises a verification code of the door or gate location inside the restricted area.
8. The access control system of claim 1, wherein the generation of the one-time password happens when a person associated with the smart phone enters a one-time PIN code received from the access control server (14) via an SMS message, or via the Bluetooth communication channel.
9. The access control system of claim 2, wherein the access application program is configured to instruct a person associated with a specific smart phone in communication with the door system to record a video stream of the persons face, and to transmit the video stream to the access server system(15) for a three dimensional face recognition process.
10. The access control system of claim 1, wherein the door system comprises a finger print reader.
11. The access control system of claim 2, wherein the access application program is configured to instruct a person associated with a specific smart phone in communication with the door system to record the voice of a person, and to transmit the voice stream to the access control server system(14) for a voice recognition process, wherein the access control server system has a pre- stored voice record of the person.
12. The access control system of claim 1, wherein the access application program is configured to send accelerometer values to the access control server system (14), thereby enabling recognition of specific movement patterns of a person carrying a smart phone.
13. A computer implemented method of granting access to a restricted area
controlled by an access control server system (14), comprising steps of:
- configuring a smart phone to act as an access card or access token via an access application program running in the smart phone,
- configuring an access point (15) with a door locking / door unlocking
system in communication with the access control server system (14),
- configuring the access control server system (14) to display an image
comprising a first QR code on a display located physically close to the access point (15), wherein the first QR code comprises instructions to the smart phone, wherein the smart phone is configured to interpret a photo of the first QR code thereby identifying the instructions submitted in the QR code,
- the instructions in the first QR code configures a communication channel between the smart phone and the access control server system (14),
- configuring the access control server system to display a second QR code comprising instructions to the smart phone, wherein the smart phone is configured to interpret a photo of the second QR code thereby identifying the instructions submitted in the second QR code,
- the instructions in the second QR code triggers the smart phone to
generate a one-time code and submit the one-time code to the access control server system (14) that verifies the one-time code,
- the access control server system (14) decides based on the outcome of the verification of the one-time code to open the access point (15).
14. The method of claim 13, wherein the one-time code is generated based on an identity of the smart phone comprising the telephone number of the smart phone.
15. The method of claim 13, wherein the one-time code is generated based on a secret user identity generated by the access control server system (14) and being embedded into the access application program when the access application program is downloaded into a smartphone.
16. The method of claim 15, wherein downloading of the access application
program is authorised by a security department of an enterprise using an access control system according to any claim 1-12.
PCT/NO2019/050130 2018-06-20 2019-06-20 Improved access control system and a method thereof controlling access of persons into restricted areas WO2019245383A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP19823602.8A EP3811339A4 (en) 2018-06-20 2019-06-20 Improved access control system and a method thereof controlling access of persons into restricted areas

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP18178728.4 2018-06-20
EP18178728.4A EP3584769A1 (en) 2018-06-20 2018-06-20 Improved access control system and a method thereof controlling access of persons into restricted areas

Publications (1)

Publication Number Publication Date
WO2019245383A1 true WO2019245383A1 (en) 2019-12-26

Family

ID=62715892

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2019/050130 WO2019245383A1 (en) 2018-06-20 2019-06-20 Improved access control system and a method thereof controlling access of persons into restricted areas

Country Status (2)

Country Link
EP (2) EP3584769A1 (en)
WO (1) WO2019245383A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112365643A (en) * 2020-11-16 2021-02-12 深圳市天彦通信股份有限公司 Access area authority management method and related device
TWI757991B (en) * 2020-11-27 2022-03-11 方碼科技有限公司 Control system and control method
TWI777484B (en) * 2021-04-09 2022-09-11 中興保全科技股份有限公司 Access management device
CN115512473A (en) * 2022-11-08 2022-12-23 深圳市亲邻科技有限公司 Door opening method and device based on intelligent sound box permission, medium and electronic equipment

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111866855B (en) * 2020-07-17 2021-01-08 江苏海全科技有限公司 Intelligent terminal initialization activation method
FR3122017B1 (en) * 2021-04-15 2024-04-19 Vauban Systems ACCESS CONTROL SYSTEM
ES2937716B2 (en) * 2021-09-28 2023-07-31 Laliga Content Prot Sl Access control procedure and system
CN115439965A (en) * 2022-09-01 2022-12-06 深圳市安信泰科技有限公司 Access control system and control method thereof
CN115862207B (en) * 2023-02-16 2023-04-28 湖南桅灯机器人有限公司 Intelligent access control authorization method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013110407A1 (en) * 2012-01-25 2013-08-01 Siemens Aktiengesellschaft Access control
US20150089591A1 (en) * 2010-11-25 2015-03-26 Ensygnia Limited Handling encoded information
US20160248782A1 (en) * 2013-10-01 2016-08-25 Inevtio Ag Access control using portable electronic devices

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2920564B1 (en) * 2007-08-27 2013-04-26 Fabernovel METHOD AND SYSTEM FOR PROVIDING SERVICES
US20090324025A1 (en) * 2008-04-15 2009-12-31 Sony Ericsson Mobile Communicatoins AB Physical Access Control Using Dynamic Inputs from a Portable Communications Device
US9425981B2 (en) 2011-07-14 2016-08-23 Colin Foster Remote access control to residential or office buildings
CN103136806A (en) * 2012-12-28 2013-06-05 腾讯科技(深圳)有限公司 Method, system, scanning terminal and display terminal for sign-in based on two-dimension code
CN106375935A (en) * 2016-08-15 2017-02-01 余意华 Rapid connection mode for Bluetooth input method and Bluetooth bar code scanner

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150089591A1 (en) * 2010-11-25 2015-03-26 Ensygnia Limited Handling encoded information
WO2013110407A1 (en) * 2012-01-25 2013-08-01 Siemens Aktiengesellschaft Access control
US20160248782A1 (en) * 2013-10-01 2016-08-25 Inevtio Ag Access control using portable electronic devices

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3811339A4 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112365643A (en) * 2020-11-16 2021-02-12 深圳市天彦通信股份有限公司 Access area authority management method and related device
TWI757991B (en) * 2020-11-27 2022-03-11 方碼科技有限公司 Control system and control method
TWI777484B (en) * 2021-04-09 2022-09-11 中興保全科技股份有限公司 Access management device
CN115512473A (en) * 2022-11-08 2022-12-23 深圳市亲邻科技有限公司 Door opening method and device based on intelligent sound box permission, medium and electronic equipment

Also Published As

Publication number Publication date
EP3584769A1 (en) 2019-12-25
EP3811339A1 (en) 2021-04-28
EP3811339A4 (en) 2022-06-01

Similar Documents

Publication Publication Date Title
WO2019245383A1 (en) Improved access control system and a method thereof controlling access of persons into restricted areas
US11568695B1 (en) Information-based, biometric, asynchronous access control system
CN107018124B (en) Remote application for controlling access
JP6081859B2 (en) Entrance / exit management system and entrance / exit management method
CN109074693B (en) Virtual panel for access control system
US20080010464A1 (en) System and method for automated border-crossing checks
KR102227611B1 (en) Face recognition system for easy registration
KR101855494B1 (en) Door system and method using mobile device
JP2009181561A (en) Security management system using biometric authentication
EP3142079B1 (en) Identity assurance
KR101637516B1 (en) Method and apparatus for controlling entrance and exit
KR20180125729A (en) Vehicle access control system and method through code display
KR20170098778A (en) Reservation system to visitor
KR20200092608A (en) Entrance certification system of Common porch and undergound parking lot and entrance certification method using the same
KR20160076724A (en) Building within the dangerous area visitor management and monitoring system
US20220262184A1 (en) Property management systems
KR102226308B1 (en) The Method for controlling door open/close of Intelligent Transportation System facility
US11599872B2 (en) System and network for access control to real property using mobile identification credential
KR102001607B1 (en) Method and system for security service using position information
KR101979340B1 (en) A remote iot locking device using smart glass and position sensor recognition technology
KR102380398B1 (en) system and method of managing visiting vehicle
KR102268117B1 (en) Apparatus and system for controlling the opening and closing of the door
KR102255229B1 (en) Fever patient tracking management system using face recognition technology
CN116806350A (en) Access door opening and closing control device, system and control method thereof
JP2022135182A (en) Visitor management system and visitor management method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19823602

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2019823602

Country of ref document: EP

Effective date: 20210120