System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

DC CAFC

US 8,150,374 B2
Filed: 12/01/2009
Issued: 04/03/2012
Est. Priority Date: 04/05/2005
Status: Active Grant

- Alert
- Pin

Associated Case

Associated Defendants

First Claim

Patent Images

1. A method of remotely maintaining a secure access system, comprising:

storing, at a secure access system controller, a first set of credential data for at least one user of the secure access system, the secure access system controller in communication with a plurality of readers;

receiving, at the secure access system controller, a credential update for the at least one user of the secure access system; and

in response to receiving the credential update, the controller replacing the first set of credential data with a second set of credential data that is different from the first set of credential data and the controller further automatically initiating a system update process, the system update process comprising;

generating a message comprising information representing the controller'"'"'s replacement of the first set of credential data with the second set of credential data;

determining at least one target for the message, wherein the at least one target comprises at least one mobile device associated with the at least one user;

transmitting the message to the at least one target;

receiving the message at the at least one mobile device; and

modifying at least a portion of memory of the at least one mobile device according to the updated credential information, wherein the modifying comprises at least one of disabling, revoking, and re-writing at least a portion of the memory.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

3 Petitions

Accused Products

Abstract

The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

91 Citations

View as Search Results

36 Claims

1. A method of remotely maintaining a secure access system, comprising:
- storing, at a secure access system controller, a first set of credential data for at least one user of the secure access system, the secure access system controller in communication with a plurality of readers;
  
  receiving, at the secure access system controller, a credential update for the at least one user of the secure access system; and
  
  in response to receiving the credential update, the controller replacing the first set of credential data with a second set of credential data that is different from the first set of credential data and the controller further automatically initiating a system update process, the system update process comprising;
  
  generating a message comprising information representing the controller'"'"'s replacement of the first set of credential data with the second set of credential data;
  
  determining at least one target for the message, wherein the at least one target comprises at least one mobile device associated with the at least one user;
  
  transmitting the message to the at least one target;
  
  receiving the message at the at least one mobile device; and
  
  modifying at least a portion of memory of the at least one mobile device according to the updated credential information, wherein the modifying comprises at least one of disabling, revoking, and re-writing at least a portion of the memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the system update process further comprises transmitting the message from the controller to at least one of the plurality of readers.
  - 3. The method of claim 1, wherein the at least one mobile device has the first set of credential data stored thereon prior to the at least one mobile device receiving the message, and wherein upon receiving the message from the controller, the first set of credential data on the at least one mobile device is changed to the second different set of credential data and wherein the message is transmitted to the at least one mobile device without the controller receiving a request for the message from the at least one user.
  - 4. The method of claim 3, wherein the first set of credential data has at least one of a key, password, unique ID, encryption scheme, and transmission protocol that is different in the second set of credential data.
  - 5. The method of claim 1, further comprising, in the event that the at least one mobile device does not receive the message and is subsequently presented to a first reader in the plurality of readers, determining, by the first reader, that the at least one mobile device is invalid.
  - 6. The method of claim 1, wherein the credential updates are received at the controller on a periodic basis.
  - 7. The method of claim 1, further comprising:
    - disabling at least a portion of the memory unless an enabling message is received.
  - 8. The method of claim 1, further comprising de-enrolling a user of at least one mobile device from an access list, wherein the credential update is generated and transmitted to the controller in response to de-enrolling the user from the access list.
  - 9. The method of claim 1, wherein the message is transmitted over a cellular communication network.
  - 10. The method of claim 1, wherein the message is transmitted by at least one of a radio frequency signal and a near field communication signal.
  - 11. The method of claim 1, further comprising:
    - presenting the at least one mobile device to a first reader in the plurality of readers;
      
      generating a second message comprising information related to the at least one mobile device being presented to the reader; and
      
      sending the second message to at least one of a database, controller, and another mobile device.
  - 12. The method of claim 11, wherein the second message is sent via a short message service (SMS) message.
  - 13. The method of claim 1, wherein the credential update is pushed toward the at least one mobile device without any solicitation by the at least one mobile device or a user of the at least one mobile device.

14. A secure access system, comprising:
- at least one mobile device comprising memory, wherein the memory comprises credential information;
  
  a controller in communication with a plurality of readers that secure one or more assets, the controller being configured to receive a credential update for at least one user of the secure access system, the credential update impacting the at least one user'"'"'s permissions for accessing the one or more assets secured by the plurality of readers and, in response to receiving the credential update, automatically initiate a system update process, wherein during the system update process the controller automatically causes a message to be generated that comprises the updated credential, and causes the message to be transmitted to the at least one mobile device associated with the at least one user, wherein the plurality of readers are configured to determine an authenticity of the at least one mobile device, and wherein credential information on the memory is at least one of disabled, revoked, and re-written in response to receiving the message; and
  
  a database which maintains information related to the system, wherein the controller is further operable to cause a second message to be generated that comprises the updated credential and causes the second message to be transmitted to at least one of the database and the plurality of readers.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 15. The system of claim 14, wherein the plurality of readers are configured to determine an authenticity of the at least one mobile device, the system further comprising:
    - a database for maintaining information related to the system, wherein the controller is further operable to cause a second message to be generated that comprises the updated credential and cause the second message to be transmitted to at least one of the database and the plurality of readers.
  - 16. The system of claim 15, wherein, in the event that the at least one mobile device does not receive the message, credentials of the at least one mobile device become obsolete.
  - 17. The system of claim 14, wherein, upon presentation of the at least one mobile device to the at least one reader, the authenticity of the at least one mobile device is determined to be invalid.
  - 18. The system of claim 14, wherein credential information on the memory is altered in response to receiving the message and wherein the credential update is initiated by an entity other than the at least one user.
  - 19. The system of claim 18, wherein the credential information altered on the memory comprises at least one of a key, password, unique ID, encryption scheme, and transmission protocol.
  - 20. The system of claim 14, wherein credential updates are received at the controller on a periodic basis.
  - 21. The system of claim 14, wherein the mobile device comprises a timing-out mechanism, wherein the timing-out mechanism is operable to disable the memory unless an enabling message is received from the controller.
  - 22. The system of claim 14, wherein the controller causes the message to be transmitted to the mobile device via at least one of a global system for mobile communications, a digital cellular system, and a personal communications system.
  - 23. The system of claim 14, wherein the at least one mobile device is at least one of a cellular phone, and personal digital assistant.
  - 24. The system of claim 14, wherein the credential update is initiated in response to de-enrolling at least one user from a list of authorized users.
  - 25. The system of claim 14, wherein the at least one mobile device comprises a plurality of mobile devices, and wherein credential information in each one of the plurality of mobile devices is altered.
  - 26. The system of claim 14, wherein the at least one mobile device comprises a plurality of mobile devices, and wherein credential information in less than all of the plurality of mobile devices is altered.
  - 27. The system of claim 14, wherein the message is transmitted via at least one of a radio frequency and near field communication signal.
  - 28. The system of claim 14, wherein the message is transmitted via a cellular communications network.
  - 29. The system of claim 14, wherein the credential update is pushed toward the at least one mobile device without any solicitation by the at least one mobile device or a user of the at least one mobile device.

30. A mobile device for use by a user in a secure access system, comprising:
- a memory, wherein the memory comprises credential information; and
  
  an interface operable to communicate with a reader and further operable to receive messages relating to updated-credential information, wherein, upon receipt of a first message, the credential information for the user is automatically changed from a first state to a second state and wherein the messages relating to updated-credential information are received without the at least one user transmitting a request for the messages, wherein in the event that the first message is not received, the credential information is maintained in the first state and as a result becomes obsolete, and wherein the reader is operable to determine an authenticity of the mobile device based at least in part upon the credential information, and upon presentation of the mobile device to the reader, the authenticity of the mobile device is determined to be invalid.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The device of claim 30, wherein the reader is associated with a controller and the controller is operable to determine an authenticity of the mobile device based at least in part upon the credential information.
  - 32. The device of claim 31, wherein the reader is operable to determine an authenticity of the mobile device based at least in part upon the credential information.
  - 33. The device of claim 30, wherein the credential information comprises at least one of a key, password, unique ID, encryption scheme, and transmission protocol.
  - 34. The device of claim 30, wherein the at least one of a key, password, unique ID, encryption scheme, and transmission protocol is different in the first state than in the second state.
  - 35. The device of claim 30, further comprising a timing-out mechanism, wherein the timing-out mechanism is operable to disable the memory unless an enabling message is received.
  - 36. The device of claim 30, wherein a near field communications protocol is used by the first interface to communicate with the reader.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Lowe, Peter R.
Primary Examiner(s)
Appiah, Charles
Assistant Examiner(s)
DOAN, KIET M

Application Number

US12/628,574
Publication Number

US 20100077466A1
Time in Patent Office

854 Days
Field of Search

455/411, 455/403, 455/431, 455/422.1, 705/1, 705/39, 235/439, 713/186, 370/352, 380/277, 380/258, 709/205, 709/203, 709/202, 709/217
US Class Current

455/411
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G07C 9/20   involving the use of a pass

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 4/023   using mutual or relative lo...

H04W 4/80   Services using short range ...

H04W 48/04   based on user or terminal l...

H04W 88/02   Terminal devices

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

Litigations

3 Petitions

Accused Products

Abstract

91 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

3 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links