Method and apparatus for making a decision on a card

US 10,490,005 B2
Filed: 05/02/2016
Issued: 11/26/2019
Est. Priority Date: 05/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method for use in a first credential, comprising:

receiving, at a first credential, data transmitted from a reader associated with an access control system, the data comprising at least one of a host identifier and timestamp;

analyzing the at least one of a host identifier and timestamp using an application stored on the first credential;

making an access control decision based on the analyzing step;

generating a first message containing results of the access control decision; and

sending the first message to the reader,characterized in that the method further comprises;

receiving, at the first credential, information from a second credential;

wherein the analyzing step further comprises analyzing the information from the second credential, and further wherein the access control decision comprises a determination as to whether the first and second credentials are both allowed access to an asset protected by the reader, wherein at least one of the first credential and the second credential is a wearable computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

46 Citations

View as Search Results

18 Claims

1. A method for use in a first credential, comprising:
- receiving, at a first credential, data transmitted from a reader associated with an access control system, the data comprising at least one of a host identifier and timestamp;
  
  analyzing the at least one of a host identifier and timestamp using an application stored on the first credential;
  
  making an access control decision based on the analyzing step;
  
  generating a first message containing results of the access control decision; and
  
  sending the first message to the reader,characterized in that the method further comprises;
  
  receiving, at the first credential, information from a second credential;
  
  wherein the analyzing step further comprises analyzing the information from the second credential, and further wherein the access control decision comprises a determination as to whether the first and second credentials are both allowed access to an asset protected by the reader, wherein at least one of the first credential and the second credential is a wearable computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the information from the second credential corresponds to at least one of a PIN, a password, biometric identification information, a user selection, and information gathered from one or more sensors on the second credential.
  - 3. The method of claim 1, wherein at least some of the information from the second credential is provided by a user via a user interface on the second credential.
  - 4. The method of claim 1, wherein the information from the second credential corresponds to at least one of the host identifier and the timestamp.
  - 5. The method of claim 1, wherein said access control decision comprises a grant of access to an asset associated with said access control system, the method further comprising:
    - saving the first message in a log.
  - 6. The method of claim 1, wherein the access control decision comprises a denial of access to an asset associated with said access control system, the method further comprising:
    - saving the first message in a log.
  - 7. The method of claim 1, wherein said first message is encrypted prior to being sent from to the reader.
  - 8. The method of claim 1, wherein the information received from the second credential is at least one of a control key, a control or access schedule, and an expiration time.
  - 9. The method of claim 1, further comprising:
    - the second credential analyzing the at least one of a host identifier and timestamp using an application stored on the second credential;
      
      the second credential making a second access control decision, the second access control decision comprising a determination as to whether or not the second credential is allowed access to an asset protected by the reader, and the second access control decision being based on the second credential analyzing step;
      
      the second credential generating a second message containing results of the second access control decision; and
      
      the second credential sending the second message to the first credential.
  - 10. The method of claim 9, wherein the information received from the second credential comprises the second message.
  - 11. The method of claim 9, further comprising:
    - the second credential receiving from the first credential at least one of a control key, a control or access schedule, and an expiration time.
  - 12. The method of claim 1, wherein the information received from the reader is encrypted.
  - 13. The method of claim 1, further comprising authenticating with the second credential before receiving the information from the second credential.

14. An access control system, comprising:
- at least two credentials, each credential comprising;
  
  a memory storing an access decision application that is capable of making an access decision for said credential based on data received from an access control system reader, the access decision comprising adetermination as to whether or not the credential is allowed access to the asset protected by the access control system reader, wherein the received data comprises at least one of a host identifier assigned to the access control system reader, authentication information, and a timestamp; and
  
  a processor for executing the access decision application in connection with the received data,wherein at least one of the at least two credentials is a wearable computer.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, wherein the processor of the wearable computer is capable of generating a message after executing the access decision application and causing the message to be transmitted to the other of the at least two credentials, and wherein the message comprises results of the access decision for the wearable computer.
  - 16. The system of claim 14, wherein at least another one of the at least two credentials comprises a contact smartcard, a contactless smartcard, a proximity card, a passport, a key fob, a cellular phone, a portable computer, or a Personal Digital Assistant.

17. A credential for use in a secure access system, comprising:
- a memory storing an access decision application that is capable of making an access decision for said credential based on data received from a local host; and
  
  a processor for executing said access decision application, wherein said processor is further capable of generating a message after executing said access decision application and causing said message to be transmitted to the local host,and wherein said message comprises results of said access decision for said credential,characterized in that;
  
  the access decision for said credential is further based on data received from a second credential, the access decision comprising a determination as to whether or not the credential and the second credential are allowed access to an asset protected by the local host;
  
  the access decision application is for execution by the processor in connection with said received data from the local host and said received data from the second credential, wherein at least one of the first credential and the second credential is a wearable computer; and
  
  said data received from the second credential comprises at least one of a control or access schedule, a control key, an expiration time, a PIN, a password, biometric identification information, an indication of whether the second credential is allowed access to the asset protected by the local host, and an indication of whether the second credential has completed one or more steps required to be completed by the second credential for the access decision application to determine that the credential is allowed access to the asset.
- View Dependent Claims (18)
- - 18. The credential of claim 17, wherein the processor is configured to authenticate the second credential before receiving the data from the second credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Caterino, Mark Anthony, Einberg, Fredrik Carl Stefan, Hoyer, Philip, Berg, Daniel, Davis, Masha Leah
Primary Examiner(s)
Naghdali, Khalil

Application Number

US15/568,934
Publication Number

US 20180152444A1
Time in Patent Office

1,303 Days
Field of Search

713185
US Class Current
CPC Class Codes

G06F 1/163   Wearable computers, e.g. on...

G06F 21/34   involving the use of extern...

G06V 40/10   Human or animal bodies, e.g...

G07C 2009/00769   with data transmission perf...

G07C 9/00174   Electronically operated loc...

G07C 9/00309   operated with bidirectional...

G07C 9/00563   using personal physical dat...

G07C 9/00571   operated by interacting wit...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/28   the pass enabling tracking ...

G08B 25/016   Personal emergency signalli...

G08B 7/066   guiding along a path, e.g. ...

H04B 1/385   Transceivers carried on the...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/108 : when the policy decisions a...

H04L 9/3226 : using a predetermined code,...

H04W 12/04 : Key management, e.g. using ...

H04W 12/06 : Authentication

H04W 12/065 : Continuous authentication

H04W 12/08 : Access security

H04W 12/33 : using wearable devices, e.g...

H04W 12/40 : Security arrangements using...

H04W 12/63 : Location-dependent; Proximi...

H04W 12/64 : using geofenced areas

H04W 12/68 : Gesture-dependent or behavi...

H04W 4/80 : Services using short range ...

H04W 88/02 : Terminal devices

View All

Method and apparatus for making a decision on a card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for making a decision on a card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links