Secure short-distance-based communication and access control system
Abstract
A secure short-distance-based communication and access control system controls access to a restricted area. A run-time mobile device identifier and keys that may be location-specific, device-specific and time-specific are generated and utilized for secure communication between mobile devices and zone computers. The zone computers can validate users via their mobile devices to allow or deny access to the restricted area.
22 Claims
1. A secure short-distance-based communication and access control system to control access to a restricted area, the system comprising:
- a plurality of electronically-controlled movable physical barriers, wherein each electronically-controlled movable physical barrier is located in a different sub-location of a plurality of sub-locations of an access control area associated with the restricted area;
- at least one beacon for each sub-location, wherein each beacon broadcasts a beacon ID, including one or more unique identifiers, in its sub-location; and
- a zone computer associated with a different sub-location of the plurality of sub-locations, wherein the zone computer comprises:
  - an actuator driver circuit to control actuation of the physical barrier for the sub-location of the zone computer;
  - a short-distance communication interface to communicate with a mobile device if the mobile device is in the sub-location of the zone computer; and
  - a processor to:
    - receive a mobile device identifier from the mobile device via the short-distance communication interface, wherein the mobile device identifier is based on the beacon identifier included in the broadcasted signal;
    - determine a proximity of the mobile device to a sub-location of the plurality of sub-locations;
    - determine whether the mobile device is in the sub-location of the zone computer based on the determined proximity of the mobile device to the sub-location;
    - in response to a determination that the mobile device is in the sub-location of the zone computer, determine whether a user associated with the mobile device is validated to access the restricted area, and
    - in response to determining the user is validated, send a signal to the actuator driver circuit to invoke opening or closing of the physical barrier for the sub-location of the zone computer.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A mobile device comprising:
- at least one short-distance communication interface to receive a beacon identifier (ID) from at least one beacon;
- a data storage storing an operating system and an access control application;
- a processor executing the operating system, wherein the operating system determines whether the received beacon ID is a registered beacon identifier, and in response to determining the received beacon ID is registered, launches the access control application;
- the access control application, in response to being launched, is executed by the processor, the access control application to:
  - determine whether the mobile device is at a sub-location of an access control area associated with a restricted area, wherein the access control area includes a plurality of sub-locations,
  - in response to a determination that the mobile device is at the sub-location, calculate a mobile device identifier (ID) for the mobile device based on the beacon ID, wherein the mobile device ID is valid for the sub-location where the mobile device is currently located, and is not valid for any sub-location where the mobile device is not currently located,
  - engage in secure communication with a zone computer for the sub-location using one or more keys via the at least one short-distance communication interface, wherein to engage in secure communications with the zone computer, the access control application causes the processor to:
    - send the calculated mobile device identifier to the zone computer;
    - validate a user associated with the mobile device; and
    - allow access to the restricted area through the sub-location if the user is validated.

Dependent claims: 12, 13, 14, 15, 16

17. A mobile device activation and validation method comprising:
- receiving a signal via at least one short-distance communication interface of a mobile device;
- determining, by an operating system running on the mobile device, whether the signal is from a registered beacon;
- in response to determining the signal is from a registered beacon, launching an access control application stored on the mobile device;
- determining whether the mobile device is at a sub-location of an access control area associated with a restricted area based on information in the received signal;
- in response to determining the mobile device is at the sub-location, calculating a mobile device identifier (ID), wherein the mobile device ID is valid for a current location of the mobile device and is not valid for locations other than the current location; and
- exchanging messages with a zone computer for the sub-location in a secure manner using one or more keys via the at least one short-distance communication interface to validate a user associated with the mobile device and to allow access to the restricted area through the sub-location if the user is validated, wherein exchanging messages with the zone computer includes the access control application sending the calculated mobile device identifier to the zone computer.

Dependent claims: 18, 19, 20

21. A method to control access to a restricted area, the method comprising:
- determining whether a mobile device is in a sub-location associated with a zone computer;
- determining whether a mobile device identifier is received from the mobile device via a short-distance communication interface of the zone computer, wherein the mobile device identifier is determined based on broadcasted signals received from at least one beacon for the sub-location associated with the zone computer;
- in response to determining the mobile device is in the sub-location associated with the zone computer, and further in response to determining the mobile device identifier is received, determining whether a user associated with the mobile device is validated to access the restricted area, and
- communicating a result of the validation determination to the mobile device via the short distance interface, wherein determining whether the user is validated and communicating the result of the validation comprises securely exchanging messages with the mobile device using one or more keys, and the one or more keys are unique to a current location of the mobile device at the sub-location and valid for a current time only.

Dependent claims: 22
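
The location- and time-bound identifier and keys described in claims 11 and 21 can be illustrated as follows. This is an added example, not taken from the patent: the claims do not say how the identifier or keys are computed, so the HMAC-SHA256 derivation, the 30-second window, the per-device secret and every name below are assumptions.

```python
import hashlib
import hmac

WINDOW_SECONDS = 30  # assumed validity window; the claims say only "current time"

def _derive(secret: bytes, label: bytes, beacon_id: str, now: float) -> bytes:
    """HMAC-SHA256 bound to a purpose label, the beacon ID and the time window."""
    window = int(now // WINDOW_SECONDS)
    msg = b"|".join([label, beacon_id.encode(), str(window).encode()])
    return hmac.new(secret, msg, hashlib.sha256).digest()

def mobile_device_id(device_secret: bytes, beacon_id: str, now: float) -> str:
    """Run-time ID the phone computes from the beacon ID it just received."""
    return _derive(device_secret, b"id", beacon_id, now).hex()[:32]

def session_key(device_secret: bytes, beacon_id: str, now: float) -> bytes:
    """Key for the message exchange; differs per sub-location and per window."""
    return _derive(device_secret, b"key", beacon_id, now)

class ZoneComputer:
    def __init__(self, own_beacon_id: str, enrolled: dict):
        self.own_beacon_id = own_beacon_id  # beacon of this sub-location only
        self.enrolled = enrolled            # user -> device secret (constructed)

    def validate(self, presented_id: str, now: float):
        """Return the user whose ID matches here and now, else None."""
        for user, secret in self.enrolled.items():
            expected = mobile_device_id(secret, self.own_beacon_id, now)
            if hmac.compare_digest(expected, presented_id):
                return user
        return None

    def signed_result(self, user: str, granted: bool, now: float) -> bytes:
        """Authenticate the validation result with the location/time-bound key."""
        key = session_key(self.enrolled[user], self.own_beacon_id, now)
        return hmac.new(key, b"granted" if granted else b"denied", hashlib.sha256).digest()

if __name__ == "__main__":
    enrolled = {"alice": b"constructed-device-secret"}   # constructed sample data
    lane_a = ZoneComputer("beacon-lane-A", enrolled)
    lane_b = ZoneComputer("beacon-lane-B", enrolled)
    t0 = 1_700_000_010                                   # start of a 30 s window
    mid = mobile_device_id(enrolled["alice"], "beacon-lane-A", t0)
    print(lane_a.validate(mid, t0 + 20))   # same lane, same window
    print(lane_b.validate(mid, t0 + 20))   # ID relayed to another lane
    print(lane_a.validate(mid, t0 + 45))   # ID replayed in a later window
```

Because the zone computer recomputes the identifier from its own beacon ID and clock, an identifier captured in one sub-location fails validation at any other sub-location and in any later window.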
Specification