Management of badge access to different zones
First Claim
1. A method executed in a badge for having access to different zones with different security levels protected by badge readers, said method comprising:
obtaining, from a badge reader located external to the badge, an invitation to request access to a zone Zout to which the badge reader is adapted to grant access, said badge including a current zone identifier Z which authorizes the badge to access the zone Z;
responsive to said obtaining the invitation, ascertaining that the badge is authorized to access the zone Zout, said badge having a current badge identifier ID;
responsive to said ascertaining, retrieving a zone-associated badge identifier IDout associated with the zone Zout;
issuing to the badge reader, in response to the received invitation and to said ascertaining, a request for access to the zone Zout, said request comprising;
the current badge identifier ID, the zone-associated badge identifier IDout, and a current badge key K or comparison with a badge key Kin associated with a zone Zin where the badge reader is located; and
receiving, from the badge reader in response to the request for access, an authorization to access the zone Zout during a specified period of time Tout, wherein a badge key Kout for leaving the zone Zout is received by the badge in conjunction with said authorization;
after said authorization has been received from the badge reader, replacing in the badge;
the current badge key K with the received badge key Kout, the current badge identifier ID with the zone-associated badge identifier IDout, and the current zone identifier Z with the identifier of the zone Zout which authorizes the badge to access the zone Zout instead of the zone Z;
wherein said obtaining, said ascertaining, said retrieving, said issuing, and said receiving the authorization are performed by a processor within the badge.
Abstract
A method executed in a badge, a badge reader, and a server for controlling access to different zones. The badge obtains from the badge reader an invitation to request access to a zone Zout. The badge ascertains that the badge is authorized to access the zone Zout. The badge has a current badge identifier ID. The badge retrieves a zone-associated badge identifier IDout associated with the zone Zout. The badge issues to the badge reader a request for access to the zone Zout. The request includes: the current badge identifier ID, the zone-associated badge identifier IDout; and a current badge key K. The badge receives from the badge reader either an authorization to access the zone Zout during a specified period of time Tout or a refusal to grant access to the zone Zout. The server implements the distribution of keys used by the badge reader and badge.
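The exchange described in the abstract, as an added Python sketch that is not code from the patent. The class and function names, the sample keys and identifiers, the `tout` value, the clamp on the occupancy count, and the simplification that the reader always holds the server's latest Kin, Kout and IDlist are all assumptions of this example.

```python
import hmac, secrets
from dataclasses import dataclass

@dataclass
class Server:                       # server side: keys, occupancy P, IDlist per zone
    keys: dict
    present: dict
    idlist: dict
    def _left(self, zin):
        self.present[zin] = max(0, self.present[zin] - 1)  # clamp is a sketch assumption
        if self.present[zin] == 0:
            self.keys[zin] = secrets.token_hex(8)          # zone emptied: new Kin
    def authorized(self, zin, zout):
        self._left(zin)                                    # decrement Pin
        self.present[zout] += 1                            # then increment Pout
    def intrusion(self, ident, zin, zout):
        self.idlist[zout].discard(ident)                   # remove current ID from IDlist
        self._left(zin)

@dataclass
class Badge:                        # badge state: ID, K, Z, plus IDout per zone
    ident: str
    key: str
    zone: str
    zone_ids: dict
    def request(self, zout):
        idout = self.zone_ids.get(zout)      # ascertain authorization, retrieve IDout
        return None if idout is None else (self.ident, idout, self.key)
    def enter(self, zout, idout, kout):
        self.key, self.ident, self.zone = kout, idout, zout   # replace K, ID and Z

def reader(server, zin, zout, badge, tout=30):
    """Reader located in zin guarding zout; returns Tout, or 0 on refusal."""
    req = badge.request(zout)                # invitation, answered by the request
    if req is None:
        return 0
    ident, idout, k = req
    if hmac.compare_digest(k, server.keys[zin]) and idout in server.idlist[zout]:
        badge.enter(zout, idout, server.keys[zout])        # authorization carries Kout
        server.authorized(zin, zout)
        return tout
    server.intrusion(ident, zin, zout)
    return 0

def demo():                         # constructed data: one badge and a stale duplicate
    srv = Server({"lobby": "k-lobby-0", "lab": "k-lab-0"},
                 {"lobby": 1, "lab": 0}, {"lab": {"E100-lab"}})
    real = Badge("E100", "k-lobby-0", "lobby", {"lab": "E100-lab"})
    copy = Badge("E100", "k-lobby-0", "lobby", {"lab": "E100-lab"})
    return reader(srv, "lobby", "lab", real), reader(srv, "lobby", "lab", copy), real, srv
```

In `demo()`, the first request empties the lobby, so the server replaces the lobby key and the duplicate's copy of the old key no longer matches Kin.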
16 Claims
1. A method executed in a badge for having access to different zones with different security levels protected by badge readers, said method comprising:
obtaining, from a badge reader located external to the badge, an invitation to request access to a zone Zout to which the badge reader is adapted to grant access, said badge including a current zone identifier Z which authorizes the badge to access the zone Z;
responsive to said obtaining the invitation, ascertaining that the badge is authorized to access the zone Zout, said badge having a current badge identifier ID;
responsive to said ascertaining, retrieving a zone-associated badge identifier IDout associated with the zone Zout;
issuing to the badge reader, in response to the received invitation and to said ascertaining, a request for access to the zone Zout, said request comprising;
the current badge identifier ID, the zone-associated badge identifier IDout, and a current badge key K or comparison with a badge key Kin associated with a zone Zin where the badge reader is located; and
receiving, from the badge reader in response to the request for access, an authorization to access the zone Zout during a specified period of time Tout, wherein a badge key Kout for leaving the zone Zout is received by the badge in conjunction with said authorization;
after said authorization has been received from the badge reader, replacing in the badge;
the current badge key K with the received badge key Kout, the current badge identifier ID with the zone-associated badge identifier IDout, and the current zone identifier Z with the identifier of the zone Zout which authorizes the badge to access the zone Zout instead of the zone Z;
wherein said obtaining, said ascertaining, said retrieving, said issuing, and said receiving the authorization are performed by a processor within the badge.
Dependent claims: 2, 3, 4, 5
6. A method executed in a badge reader, for dynamically managing access to different protected zones with different security levels through use of badges, said method comprising:
detecting a badge located external to the badge reader;
issuing to the detected badge, an invitation to request access to a zone Zout to which the badge reader is adapted to grant access;
after said issuing the invitation, receiving from the badge a request for access to the zone Zout, said request comprising;
a current badge identifier ID, a zone-associated badge identifier IDout associated with Zout, and a current badge key K for comparison with a badge key Kin associated with a zone Zin where the badge reader is located; and
in response to the received request for access, supplying to the badge an authorization to access the zone Zout during a specified period of time Tout, said supplying being responsive to;
determining by the badge reader that the current badge key K is equal to the badge key Kin, and determining by the reader that the zone-associated badge identifier IDout authorizes access to the zone Zout;
wherein said detecting, said issuing, said receiving the request for access, and said supplying are performed by a processor within the badge reader, and wherein said authorization comprises providing to the badge a badge key Kout to leave the zone Zout.
Dependent claims: 7, 8, 9, 10
11. A method executed in a server connected to one or a plurality of badge readers, for dynamically managing access to different protected zones with different security levels through use of badges and badge readers, said method comprising:
upon reception by the server from a badge reader of a configuration request comprising a zone identifier corresponding to a zone Zin where the badge reader is located and a zone identifier corresponding to a zone Zout to which the badge reader gives access;
transmitting by the server to the badge reader, a key Kin associated with the zone Zin, a key Kout associated with the zone Zout, and an IDlist table comprising a list of badge identifiers authorized to enter the zone Zout, wherein said transmitting is performed by a processor within the server;
upon reception by the server from the badge reader of a message indicating an authorization of access of a badge to the zone Zout and comprising an identifier IDout of the badge, a zone identifier corresponding to Zin, and a zone identifier corresponding to Zout, decrementing by the server the number Pin of badges present in the zone Zin, and if after said decrementing Pin is equal to zero then sending to the badge reader a new key Kin associated with the zone Zin; and
after said decrementing, incrementing by the server the number Pout of badges present in the zone Zout.
Dependent claims: 13, 14
12. A method executed in a server connected to one or a plurality of badge readers, for dynamically managing access to different protected zones with different security levels through use of badges and badge readers, said method comprising:
upon reception by the server from a badge reader of a configuration request comprising a zone identifier corresponding to a zone Zin where the badge reader is located and a zone identifier corresponding to a zone Zout to which the badge reader gives access;
transmitting by the server to the badge reader, a key Kin associated with the zone Zin, a key Kout associated with the zone Zout, and an IDlist table comprising a list of badge identifiers authorized to enter the zone Zout, wherein said transmitting is performed by a processor within the server;
upon reception by the server from the badge reader of an intrusion message indicative of refusal of granting a badge access to the zone Zout and comprising a current badge identifier ID of the badge, a zone identifier corresponding to Zin, and a zone identifier corresponding to Zout;
updating by the server the IDlist table by removing the current badge identifier ID from the IDlist table;
sending by the server the updated IDlist table to the badge reader; and
decrementing by the server the number Pin of badges present in the zone Zin, and if after said decrementing Pin is equal to zero then sending to the badge reader a new key Kin associated with the zone Zin.
Dependent claims: 15, 16
Specification