Presence-based credential updating

US 10,050,948 B2
Filed: 07/26/2013
Issued: 08/14/2018
Est. Priority Date: 07/27/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

delivering at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, wherein the at least one device associated with the first user comprises a smart phone, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation;

receiving contextual information regarding the first user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point;

based on the received contextual information, determining a credential update to perform in connection with the at least one device and the at least one credential delivered to the at least one device, the credential update corresponding to at least one action to take in connection with activating the at least one credential;

generating a first message that contains at least one instruction to activate the at least one credential;

transmitting the first message to the at least one device associated with the first user;

generating a second credential activation message; and

transmitting the second credential activation message to the one or more physical access control readers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and devices for updating access permissions of users in an access control system are described. The access permissions are capable of being updated based on rules and thresholds that include as at least one variable presence or contextual information associated with a user. The presence or contextual information associated with a user may be analyzed to trigger a credential update process for that user or other users within the access control system.

Citations

20 Claims

1. A method, comprising:
- delivering at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, wherein the at least one device associated with the first user comprises a smart phone, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation;
  
  receiving contextual information regarding the first user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point;
  
  based on the received contextual information, determining a credential update to perform in connection with the at least one device and the at least one credential delivered to the at least one device, the credential update corresponding to at least one action to take in connection with activating the at least one credential;
  
  generating a first message that contains at least one instruction to activate the at least one credential;
  
  transmitting the first message to the at least one device associated with the first user;
  
  generating a second credential activation message; and
  
  transmitting the second credential activation message to the one or more physical access control readers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the at least one device comprises a user device configured to exchange messages via a communication network.
  - 3. The method of claim 2, wherein the first message is transmitted to the at least one device via the communication network in at least one of an SMS message, an email, and an HTTP request.
  - 4. The method of claim 1, wherein the user device further comprises a secure element that stores the at least one credential as sensitive data in an encrypted format.
  - 5. The method of claim 4, wherein the secure element corresponds to at least one of a SIM card, microSD card, removeable IC, and embedded IC.
  - 6. The method of claim 1, wherein the network access point is located in physical proximity to the one or more physical access control readers.
  - 7. The method of claim 1, wherein the at least one credential comprises multiple credentials.
  - 8. The method of claim 1, wherein the contextual information regarding the first user further comprises presence information.
  - 9. The method of claim 1, wherein the contextual information regarding the first user further comprises location information and an identifier of the one or more network devices.
  - 10. The method of claim 1, wherein the contextual information regarding the first user further comprises information regarding the first user'"'"'s usage of a particular application on the at least one device.
  - 11. The method of claim 1, further comprising:
    - based on the received contextual information, determining a credential update to perform in connection with at least one device associated with a second user, the second user being different than the first user;
      
      generating a third message that contains at least one instruction to activate at least one credential for the second user; and
      
      transmitting the third message to the at least one device associated with the second user.

12. A non-transitory computer-readable medium comprising processor-executable instructions that are executable by a processor, the instructions comprising:
- instructions that deliver at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, wherein the at least one device associated with the first user comprises a smart phone, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation;
  
  instructions that receive contextual information regarding the first user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point;
  
  instructions that determine, based on the received contextual information, a credential update to perform in connection with the at least one device and the at least one credential delivered to the at least one device, the credential update corresponding to at least one action to take in connection with activating the at least one credential;
  
  instructions that generate a first message that contains at least one instruction to activate the at least one credential;
  
  instructions that transmit the first message to the at least one device associated with the first userinstructions that generate a second credential activation message; and
  
  instructions that transmit the second credential activation message to the one or more physical access control readers.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 12, wherein the contextual information is received via a communication network.
  - 18. The non-transitory computer-readable medium of claim 12, wherein the contextual information comprises group context information.
  - 19. The non-transitory computer-readable medium of claim 18, wherein the group context information comprises contextual information for the first user and a second user.
  - 20. The non-transitory computer-readable medium of claim 12, wherein the contextual information further comprises location information and an identifier of the one or more network devices.

13. A physical access control system, comprising:
- memory that stores processor-executable instructions; and
  
  a processor that executes the processor-executable instructions thereby enabling the processor to;
  
  deliver at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation;
  
  receive at least one of presence information and contextual information associated with the user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point;
  
  determine that a credential update process is to be performed for the at least one device associated with the first user, the credential update corresponding to at least one action to take in connection with activating the at least one credential; and
  
  invoke the credential update process upon determining that the first user has crossed at least one of a physical and logical threshold based on the received at least one of presence information and contextual information, wherein the at least one device associated with the first user comprises a smart phone, and wherein the credential update process includes transmitting a first credential activation message to the one or more physical access control readers as well as transmitting a second credential activation message to the at least one device associated with the first user.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the at least one of a physical and logical threshold corresponds to a predetermined distance away from a predetermined location.
  - 15. The system of claim 13, wherein the at least one of a physical and logical threshold corresponds to a predetermined action of the first user detected at the at least one device associated with the first user.
  - 16. The system of claim 13, wherein the one or more physical access control readers secure physical rooms of a facility and wherein the one or more network devices comprise network access points distributed throughout the facility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Lagerstedt, Stig, Berg, Daniel, Bailin, Daniel, Robinton, Mark, Davis, Masha Leah
Primary Examiner(s)
Shiferaw, Eleni A
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US14/416,323
Publication Number

US 20150200925A1
Time in Patent Office

1,845 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/08   Access security

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

Presence-based credential updating

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Presence-based credential updating

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links