System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

US 9,552,466 B2
Filed: 03/31/2015
Issued: 01/24/2017
Est. Priority Date: 04/05/2005
Status: Active Grant

First Claim

Patent Images

1. A method of operating a physical access control system protecting a secure asset, comprising:

receiving a request following a first transaction between a reader of the physical access control system and a mobile device, the request corresponding to a determination that the mobile device is within proximity of the reader, the reader associated with a physical access point to the secure asset, the first transaction comprising receipt, by the reader, of a first credential stored at the mobile device for operating the physical access point;

generating a second credential for the mobile device based on data included in the request, the second credential being different from the first credential received by the reader in the first transaction; and

in response to the request, routing the second credential to the mobile device via a mobile communications network prior to a second transaction between the mobile device and the reader that is subsequent to the first transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

125 Citations

31 Claims

1. A method of operating a physical access control system protecting a secure asset, comprising:
- receiving a request following a first transaction between a reader of the physical access control system and a mobile device, the request corresponding to a determination that the mobile device is within proximity of the reader, the reader associated with a physical access point to the secure asset, the first transaction comprising receipt, by the reader, of a first credential stored at the mobile device for operating the physical access point;
  
  generating a second credential for the mobile device based on data included in the request, the second credential being different from the first credential received by the reader in the first transaction; and
  
  in response to the request, routing the second credential to the mobile device via a mobile communications network prior to a second transaction between the mobile device and the reader that is subsequent to the first transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the data included in the request includes updated location information for the mobile device, and wherein the updated location information comprises location information of the mobile device describing a location within the physical access control system.
  - 3. The method of claim 2, wherein the location information is obtained via a Global Positioning Satellite (GPS) signal.
  - 4. The method of claim 2, wherein the location information is obtained by determining that the mobile device is within proximity of a reader.
  - 5. The method of claim 1, wherein the mobile communications network comprises a cellular communication network.
  - 6. The method of claim 5, wherein the cellular communication network corresponds to at least one of a Global System for Mobile Communications (GSM) network, a Digital Cellular System (DCS), and Personal Communications Systems (PCS).
  - 7. The method of claim 1, wherein the second credential is generated at a central controller.
  - 8. The method of claim 7, wherein the second credential is only generated in response to determining that a holder of the mobile device corresponds to a trusted user in the access control system.
  - 9. The method of claim 1, wherein receiving the request comprises receiving the request, at a central controller, from the mobile device.
  - 10. The method of claim 1, wherein receiving the request comprises receiving the request, at a central controller, from the reader.
  - 11. The method of claim 1, wherein the physical access point to the secure asset includes a lock associated with the physical access point.

12. A physical access control system protecting a secure asset, comprising:
- a controller that is configured to perform operations comprising;
  
  receiving a request following a first transaction between a reader of the physical access control system and a mobile device, the request corresponding to a determination that the mobile device is within proximity of the reader, the reader associated with a physical access point to the secure asset, the first transaction comprising receipt, by the reader, of a first credential stored at the mobile device for operating the physical access point;
  
  generating a second credential for the mobile device based on data included in the request, the second credential being different from the first credential received by the reader in the first transaction; and
  
  in response to the request, routing the second credential to the mobile device via a mobile communications network prior to a second transaction between the mobile device and the reader that is subsequent to the first transaction.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The physical access control system of claim 12, wherein the data included in the request includes updated location information for the mobile device, and wherein the updated location information for the mobile device comprises location information of the mobile device describing a location within the physical access control system.
  - 14. The physical access control system of claim 13, wherein the location information is obtained via a Global Positioning Satellite (GPS) signal.
  - 15. The physical access control system of claim 13, wherein the location information is obtained by determining that the mobile device is within proximity of a reader.
  - 16. The physical access control system of claim 12, wherein the mobile communications network comprises a cellular network.
  - 17. The physical access control system of claim 16, wherein the cellular network corresponds to at least one of a Global System for Mobile Communications (GSM) network, a Digital Cellular System (DCS), and Personal Communications Systems (PCS).
  - 18. The physical access control system of claim 12, wherein the second credential is only generated in response to determining that a holder of the mobile device corresponds to a trusted user in the access control system.
  - 19. The physical access control system of claim 12, wherein receiving the request comprises receiving the request from the mobile device.
  - 20. The physical access control system of claim 12, wherein receiving the request comprises receiving the request from the reader.
  - 21. The physical access control system of claim 12, wherein the physical access point to the secure asset includes a lock associated with the physical access point.

22. A non-transitory computer-readable medium comprising processor-executable instructions for operating a physical access control system protecting a secure asset, the instructions, when executed, are configured to cause a processor to perform operations comprising:
- receiving a request following a first transaction between a reader of the physical access control system and a mobile device, the request corresponding to a determination that the mobile device is within proximity of the reader, the reader associated with a physical access point to the secure asset, the first transaction comprising receipt, by the reader, of a first credential stored at the mobile device for operating the physical access point;
  
  generating a second credential for the mobile device based on data included in the request, the second credential being different from the first credential received by the reader in the first transaction; and
  
  in response to the request, routing the second credential to the mobile device via a mobile communications network prior to a second transaction between the mobile device and the reader that is subsequent to the first transaction.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The computer-readable medium of claim 22, wherein the data included in the request includes updated location information for the mobile device, and wherein the updated location information for the mobile device comprises location information of the mobile device describing a location within the physical access control system.
  - 24. The computer-readable medium of claim 23, wherein the location information is obtained via a Global Positioning Satellite (GPS) signal.
  - 25. The computer-readable medium of claim 23, wherein the location information is obtained by determining that the mobile device is within proximity of a reader.
  - 26. The computer-readable medium of claim 22, wherein the mobile communications network comprises a cellular communications network.
  - 27. The computer-readable medium of claim 22, wherein receiving the request comprises receiving the request, at a central controller, from the mobile device.
  - 28. The computer-readable medium of claim 22, wherein receiving the request comprises receiving the request, at a central controller, from the reader.
  - 29. The computer-readable medium of claim 22, wherein the physical access point to the secure asset includes a lock associated with the physical access point.

30. A system of operating a physical access control system protecting a secure asset, comprising:
- a mobile device that is configured to perform operations comprising;
  
  transmitting, via a mobile communications network, a request following a first transaction between a reader of the physical access control system and the mobile device, the reader associated with a physical access point to the secure asset, the request corresponding to a determination that the mobile device is within proximity of the reader, the first transaction comprising receipt, by the reader, of a first credential stored at the mobile device for operating the physical access point; and
  
  in response to the request, receiving, at the mobile device via the mobile communications network, a second credential for the mobile device generated based on data included in the request, the second credential different from the first credential received by the reader in the first transaction, the second credential received prior to a second transaction between the mobile device and the reader that is subsequent to the first transaction.

31. A physical access control system protecting a secure asset, comprising:
- a mobile device configured to store credentials for operating a physical access point to the secure asset; and
  
  a controller that is configured to perform operations comprising;
  
  receiving a request following a first transaction between a reader of the physical access control system and the mobile device, the request corresponding to a determination that the mobile device is within proximity of the reader, the reader associated with the physical access point, the first transaction comprising receipt of a first credential stored at the mobile device;
  
  generating a second credential for the mobile device based on data included in the request, the second credential different from the first credential received by the reader in the first transaction; and
  
  in response to the request, routing the second credential to the mobile device via a mobile communications network prior to a second transaction between the mobile device and the reader that is subsequent to the first transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Lowe, Peter R.
Primary Examiner(s)
DOAN, KIET M

Application Number

US14/674,167
Publication Number

US 20150223067A1
Time in Patent Office

665 Days
Field of Search

455/456.1, 455/466, 455/403, 455/422.1, 455/412.2, 455/411, 455/456.2, 455/574, 370/352, 370/328, 726/6, 726/19, 726/18, 726/4, 726/7, 705/44, 705/71, 705/21, 235/462.46
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G07C 9/20   involving the use of a pass

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 4/023   using mutual or relative lo...

H04W 4/80   Services using short range ...

H04W 48/04   based on user or terminal l...

H04W 88/02   Terminal devices

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

125 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others