System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

US 20060224901A1
Filed: 04/03/2006
Published: 10/05/2006
Est. Priority Date: 04/05/2005
Status: Active Grant

First Claim

Patent Images

1. A method of remotely maintaining a secure access system, comprising:

updating at least a portion of credential information in said access system;

in response to updating said at least a portion of credential information, generating a message comprising said updated credential information;

determining at least one target for said message, wherein said at least one target comprises at least one mobile device; and

transmitting said message to said at least one target.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

183 Citations

42 Claims

1. A method of remotely maintaining a secure access system, comprising:
- updating at least a portion of credential information in said access system;
  
  in response to updating said at least a portion of credential information, generating a message comprising said updated credential information;
  
  determining at least one target for said message, wherein said at least one target comprises at least one mobile device; and
  
  transmitting said message to said at least one target.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein updating at least a portion of credential information on said access system comprises transmitting said message to at least one of a reader and a database.
  - 3. The method of claim 1, wherein a mobile device has a first set of credential data stored thereon, and wherein said updating further comprises changing said first set of credential data to a second different set of credential data.
  - 4. The method of claim 3, wherein said first set of credential data has at least one of a key, password, unique ID, encryption scheme, and transmission protocol that is different in said second set of credential data.
  - 5. The method of claim 3, wherein said at least one mobile device is a smart mobile device, wherein said first set of credential data comprises self-authenticating data, and wherein said second set of credential data comprises different self-authenticating data.
  - 6. The method of claim 1, further comprising, in the event that said at least one mobile device does not receive said message and is subsequently presented to a reader, determining that said at least one mobile device is invalid.
  - 7. The method of claim 1, wherein said updating is performed on a periodic basis.
  - 8. The method of claim 1, further comprising:
    - receiving said message at said at least one mobile device; and
      
      modifying at least a portion of memory of said at least one mobile device according to said updated credential information.
  - 9. The method of claim 8, wherein said modifying comprises at least one of enabling, disabling, revoking, and altering at least a portion of said memory.
  - 10. The method of claim 8, further comprising:
    - disabling at least a portion of said memory unless an enabling message is received.
  - 11. The method of claim 1, further comprising de-enrolling a user of at least one mobile device from an access list, wherein said updating is performed in response to de-enrolling said user from said access list.
  - 12. The method of claim 1, wherein said message is transmitted over a cellular communication network.
  - 13. The method of claim 1, wherein said message is transmitted by at least one of a radio frequency signal and a near field communication signal.
  - 14. The method of claim 1, further comprising:
    - presenting a mobile device to a reader;
      
      generating a second message comprising information related to said at least one mobile device being presented to said reader; and
      
      sending said second message to at least one of a database, controller, and another mobile device.
  - 15. The method of claim 14, wherein said second message is sent via a short message service (SMS) message.

16. A secure access system, comprising:
- at least one mobile device comprising memory, wherein said memory comprises credential information;
  
  a controller that is operable to alter at least a portion of said credential information, cause a message to be generated that comprises said altered credential information, and cause said message to be transmitted to said at least one mobile device.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 17. The system of claim 16, further comprising:
    - at least one reader for determining an authenticity of said at least one mobile device; and
      
      a database for maintaining information related to said system, wherein said controller is further operable to cause a second message to be generated that comprises said updated credential information and cause said second message to be transmitted to at least one of said reader and said database.
  - 18. The system of claim 17, wherein, in the event that said at least one mobile device does not receive said message, said credential information for said at least one mobile device becomes obsolete.
  - 19. The system of claim 18, wherein, upon presentation of said at least one mobile device to said at least one reader, the authenticity of said at least one mobile device is determined to be invalid.
  - 20. The system of claim 16, wherein at least a portion of said credential information on said memory is altered in response to receiving said message.
  - 21. The system of claim 20, wherein said at least a portion of said credential information comprises at least one of a key, password, unique ID, encryption scheme, and transmission protocol, and wherein at least one of said key, password, unique ID, encryption scheme, and transmission protocol is altered.
  - 22. The system of claim 20, wherein said at least one mobile device is a smart mobile device, wherein said credential information comprises self-authenticating data, and wherein said self-authenticating data is altered.
  - 23. The system of claim 16, wherein said controller updates at least a portion of said credential information on a periodic basis.
  - 24. The system of claim 16, wherein at least a portion of said credential information on said memory is at least one of enabled, disabled, and revoked in response to receiving said message.
  - 25. The system of claim 16, wherein said mobile device comprises a timing-out mechanism, wherein said timing-out mechanism is operable to disable said memory unless an enabling message is received from said controller.
  - 26. The system of claim 16, wherein said controller causes said message to be transmitted to said mobile device via at least one of a global system for mobile communications, a digital cellular system, and a personal communications system.
  - 27. The system of claim 16, wherein said at least one mobile device is at least one of a cellular phone, and personal digital assistant.
  - 28. The system of claim 16, wherein said alteration is performed in response to de-enrolling at least one user from a list of authorized users.
  - 29. The system of claim 16, wherein said at least one mobile device comprises a plurality of mobile devices, and wherein credential information in each one of the plurality of mobile devices is altered.
  - 30. The system of claim 16, wherein said at least one mobile device comprises a plurality of mobile devices, and wherein credential information in less than all of the plurality of mobile devices is altered.
  - 31. The system of claim 16, wherein said message is transmitted via at least one of a radio frequency and near field communication signal.
  - 32. The system of claim 16, wherein said message is transmitted via a cellular communications network.

33. A mobile device for use in a secure access system, comprising:
- a memory, wherein said memory comprises credential information;
  
  an interface operable to communicate with a reader and further operable to receive messages relating to updated credential information, wherein, upon receipt of a first message, said credential information is changed from a first state to a second state.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The device of claim 33, wherein, in the event that said first message is not received, said credential information is maintained in said first state and as a result becomes obsolete.
  - 35. The device of claim 34, wherein said reader is operable to determine an authenticity of said mobile device based at least in part upon said credential information, and upon presentation of said mobile device to said reader, the authenticity of said mobile device is determined to be invalid.
  - 36. The device of claim 33, wherein said reader is associated with a controller and the controller is operable to determine an authenticity of said mobile device based at least in part upon said credential information.
  - 37. The device of claim 36, wherein said reader is operable to determine an authenticity of said mobile device based at least in part upon said credential information.
  - 38. The device of claim 33, wherein said credential information comprises at least one of a key, password, unique ID, encryption scheme, and transmission protocol.
  - 39. The device of claim 33, wherein said at least one of a key, password, unique ID, encryption scheme, and transmission protocol is different in said first state than in said second state.
  - 40. The device of claim 33, wherein said credential information comprises self-authenticating data, and wherein said self-authenticating data is different between said first state and said second state.
  - 41. The device of claim 33, further comprising a timing-out mechanism, wherein said timing-out mechanism is operable to disable said memory unless an enabling message is received.
  - 42. The device of claim 33, wherein a near field communications protocol is used by said first interface to communicate with said reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Lowe, Peter R.

Granted Patent

US 7,706,778 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G07C 9/20   involving the use of a pass

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 4/023   using mutual or relative lo...

H04W 4/80   Services using short range ...

H04W 48/04   based on user or terminal l...

H04W 88/02   Terminal devices

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

183 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links