Secure interface for access control systems

US 20090153290A1
Filed: 12/14/2007
Published: 06/18/2009
Est. Priority Date: 12/14/2007
Status: Abandoned Application

First Claim

Patent Images

1. An access control system, comprising:

an RFID reader, includingan RFID card interface configured to receive an RFID signal including at least some identification data associated with a holder of an RFID card;

a controller configured toretrieve the identification data from the received RFID signal, andgenerate a message responsive to the identification data, wherein the message further includes an RFID reader identifier and a message sequence number;

an encryption engine configured to encrypt the generated message; and

an access controller interface configured to send the encrypted message to a remote access controller; and

an access controller, includingan RFID reader interface configured to receive the encrypted message;

a decryption engine configured to decrypt the received message;

an authentication engine configured to authenticate the decrypted message based on the RFID reader identifier and the message sequence number; and

an access control signal generator configured to generate an access control signal responsive to the received identification data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system and methods utilizing secure Wiegand communication interface are disclosed. In one example embodiment, an access control system includes an a plurality of RFID cards, a RFID reader and an access controller. The RFID reader collects user identification information communicated thereto via RFID cards and forwards it to the remote access controller. The access controller process the received identification information and determines whether to grant RFID card holder access to a restricted area or service. The RFID reader communicates with the access controller via a secure Wiegand interfaces, which utilized RFID reader identifiers, message sequence numbers and data encryption techniques to secure data transmissions between the RFID reader and access controller from various types of attacks.

155 Citations

20 Claims

1. An access control system, comprising:
- an RFID reader, includingan RFID card interface configured to receive an RFID signal including at least some identification data associated with a holder of an RFID card;
  
  a controller configured toretrieve the identification data from the received RFID signal, andgenerate a message responsive to the identification data, wherein the message further includes an RFID reader identifier and a message sequence number;
  
  an encryption engine configured to encrypt the generated message; and
  
  an access controller interface configured to send the encrypted message to a remote access controller; and
  
  an access controller, includingan RFID reader interface configured to receive the encrypted message;
  
  a decryption engine configured to decrypt the received message;
  
  an authentication engine configured to authenticate the decrypted message based on the RFID reader identifier and the message sequence number; and
  
  an access control signal generator configured to generate an access control signal responsive to the received identification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the access controller interface and RFID reader interface include Wiegand-type interfaces.
  - 3. The system of claim 1, wherein the encryption engine is configured to encrypt the access controller message using a block cipher.
  - 4. The system of claim 1, wherein the encryption engine is configured to encrypt the access controller message using a public key encryption algorithm.
  - 5. The system of claim 1, wherein the controller is configured to calculate the message sequence number before sending a message to the access controller.
  - 6. The system of claim 1, wherein the authentication engine of the access controller is configured to compare the message sequence number retrieved from the received message with previously received, stored message sequence number.
  - 7. The system of claim 1, wherein the authenticating engine of the access controller is configured to compare the RFID reader identifier retrieved from the received message with one or more stored RFID reader identifiers.
  - 8. The system of claim 1, wherein access controller is configured to determine whether identification data corresponds to an authorized RFID holder.

9. An access control method, comprising:
- receiving a RFID card signal from a RFID card, the signal including at least an identification data associated with the holder of the RFID card;
  
  retrieving the identification data from the received RFID card signal;
  
  generating an access controller message based on the received identification data, the message further including a RFID reader identifier and a message sequence number;
  
  encrypting the generated access controller message; and
  
  sending the encrypted message to the access controller via an access controller interface.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the access controller interface includes Wiegand interface.
  - 11. The method of claim 9, wherein encrypting the access controller message includes encrypting using a block cipher or encrypting using a public-key encryption algorithm.
  - 12. The method of claim 9, further comprising incrementing the message sequence counter after sending a message to the access controller.

13. An access control method, comprising:
- receiving an encrypted RFID reader message via a RFID reader interface;
  
  decrypting the received message, the message including at least a RFID reader identifier, a message sequence number and an identification data;
  
  retrieving the RFID reader identifier and the message sequence number from the decrypted message;
  
  authenticating the decrypted message based on the RFID reader identifier and the message sequence number; and
  
  generating an access control signal based on the received identification data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, wherein the access controller interface includes Wiegand interface.
  - 15. The method of claim 13, wherein decrypting the access controller message includes decrypting using a block cipher or decrypting using a public-key decryption algorithm.
  - 16. The method of claim 13, wherein authenticating the decrypted message further includes comparing the message sequence number retrieved from the received message with previously received stored message sequence number.
  - 17. The method of claim 13, wherein authenticating the decrypted message further includes comparing the message sequence number retrieved from the received message with a generated pseudo random number.
  - 18. The method of claim 13, wherein authenticating the decrypted message further includes comparing the RFID reader identifier retrieved from the received message with one or more stored RFID reader identifiers.
  - 19. The method of claim 13, wherein the identification data is associated with a holder of a RFID card.
  - 20. The method of claim 13, wherein generating the access control signal includes determining whether identification data corresponds to an authorized RFID holders.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Farpointe Data Incorporated (dormakaba Holding AG)
Inventors
Bierach, Kirk B.

Application Number

US12/002,145
Publication Number

US 20090153290A1
Time in Patent Office

Days
Field of Search
US Class Current

340/5.600
CPC Class Codes

H04L 2209/805 Lightweight hardware, e.g. ...

H04L 9/32 including means for verifyi...

Secure interface for access control systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure interface for access control systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links