System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

US 9,594,889 B2
Filed: 03/31/2015
Issued: 03/14/2017
Est. Priority Date: 04/05/2005
Status: Active Grant

First Claim

Patent Images

1. A method of controlling physical access to a secure asset, comprising:

detecting a change in access rights to the secure asset associated with a mobile device, the mobile device storing credential information including a first expiration date;

determining a first location of the mobile device;

based upon the determined first location, wirelessly transmitting a credential information update to the mobile device, the credential information update including a second expiration date that is different from the first expiration date;

receiving an authentication request related to the credential information update while the mobile device resides in a second location that is different from the first location, the authentication request comprising data stored at a reader of a physical access control system associated with a physical access point of the secure asset; and

executing an access control decision with respect to the reader based on data included in the authentication request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

Citations

24 Claims

1. A method of controlling physical access to a secure asset, comprising:
- detecting a change in access rights to the secure asset associated with a mobile device, the mobile device storing credential information including a first expiration date;
  
  determining a first location of the mobile device;
  
  based upon the determined first location, wirelessly transmitting a credential information update to the mobile device, the credential information update including a second expiration date that is different from the first expiration date;
  
  receiving an authentication request related to the credential information update while the mobile device resides in a second location that is different from the first location, the authentication request comprising data stored at a reader of a physical access control system associated with a physical access point of the secure asset; and
  
  executing an access control decision with respect to the reader based on data included in the authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first location is within a cellular telephone reception area.
  - 3. The method of claim 1, wherein the second location is within near field communication range of a credential reader.
  - 4. The method of claim 1, wherein the second location is within a Bluetooth communication range of a credential reader.
  - 5. The method of claim 1, wherein determining the first location is based on receiving location information from the mobile device.
  - 6. The method of claim 1, further comprising, authenticating the credential information prior to transmitting the credential information update.
  - 7. The method of claim 1, wherein detecting the change in access rights to the secure asset comprises detecting an operation corresponding to existing credential information stored at the mobile device, and wherein the credential information update is based on detecting the operation corresponding to the existing credential information.
  - 8. The method of claim 1, wherein detecting the change in access rights to the secure asset comprises determining that the access rights of a user associated with the mobile device have been revoked.
  - 9. The method of claim 1, wherein the credential information stored in the mobile device comprises an encrypted electronic key associated with the reader.
  - 10. The method of claim 1, wherein the physical access point of the secure asset includes a lock coupled to the physical access point.

11. A method of controlling physical access to a secure asset, comprising:
- detecting, by a server, a change in access rights to the secure asset associated with a mobile device, the mobile device storing credential information including a first expiration date;
  
  determining, by the server, a first location of the mobile device;
  
  transmitting a credential information update from the server to the mobile device, the credential information update including a second expiration date that is different from the first expiration date;
  
  receiving, at the mobile device from a reader of a physical access control system associated with a physical access point of the secure asset, an authentication request related to the credential information update while the mobile device resides in a second location that is different from the first location, the second location being within a radio frequency (RF) communication range of the reader and the authentication request comprising data stored at the reader; and
  
  executing, by the mobile device, an access control decision with respect to the reader based on one or more of;
  
  the credential information update or data included in the authentication request.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising,executing the access control decision at least in part upon determining that the mobile device is in the second location.
  - 13. The method of claim 11, wherein the first location is an area within a first transmitter.
  - 14. The method of claim 13, wherein the first transmitter is a cellular telephone network transmitter.

15. A mobile device, comprising:
- a receiver;
  
  a transmitter; and
  
  a processor operable to perform operations comprising;
  
  transmitting, using the transmitter, a first location of the mobile device to a server;
  
  receiving, using the receiver, a credential information update corresponding to credential information stored at the mobile device, the credential information update including a second expiration date that is different from a first expiration date included in the stored credential information, and wherein the credential information update is received from the server based on detecting a change in access rights to a secure asset associated with the mobile devicereceiving, using the receiver, an authentication request related to the credential information update while the mobile device resides in a second location that is different from the first location, the authentication request comprising data stored at a reader of a physical access control system associated with a physical access point of the secure asset; and
  
  executing an access control decision with respect to the reader based on data included in the authentication request.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The mobile device of claim 15, wherein:
    - the processor is operable to execute the access control decision at least in part based on the credential information update.
  - 17. The mobile device of claim 15, wherein at least one of the receiver or the transmitter is operable as a Bluetooth receiver or transmitter.
  - 18. The mobile device of claim 15, wherein at least one of the receiver or the transmitter is operable as a cellular telephone receiver or transmitter.
  - 19. The mobile device of claim 15, wherein:
    - the processor is operable to make a credential update decision by determining at least in part that the mobile device is in the first location; and
      
      the transmitter is operable to transmit a credential update request.
  - 20. The mobile device of claim 15, wherein, the processor is operable to analyze location information and determine whether the mobile device is in the first location by determining that the receiver received the location information while being within a radio reception area.
  - 21. The mobile device of claim 20, wherein the radio reception area is a cellular transmission area.
  - 22. The mobile device of claim 20, wherein the radio reception area is a global positioning signal area.

23. An apparatus for controlling physical access to a secure asset, comprising:
- one or more processors; and
  
  a storage medium storing instructions that, when executed, are configured to cause the one or more processors to perform operations comprising;
  
  detecting a change in access rights to the secure asset associated with a mobile device, the mobile device storing credential information including a first expiration date;
  
  determining a first location of the mobile device;
  
  wirelessly transmitting a credential information update to the mobile device, the credential information update including a second expiration date that is different from the first expiration date;
  
  receiving an authentication request related to the credential information update while the mobile device resides in a second location that is different from the first location, the authentication request comprising data stored at a reader of a physical access control system associated with a physical access point of the secure asset; and
  
  executing an access control decision with respect to the reader based on data included in the authentication request.

24. A system for controlling physical access to a secure asset, comprising:
- a mobile device that is configured to store credential information including a first expiration date;
  
  a reader of a physical access control system associated with a physical access point of the secure asset; and
  
  a server that is wirelessly communicable with the mobile device,wherein the server is operable to perform operations comprising;
  
  detecting a change in access rights to the secure asset associated with the mobile device;
  
  determining a first location of the mobile device; and
  
  transmitting a credential information update to the mobile device, the credential information update including a second expiration date that is different from the first expiration date; and
  
  wherein the mobile device is operable to perform operations comprising;
  
  receiving, from the reader, an authentication request related to the credential information update while the mobile device resides in a second location that is different from the first location, the second location being within a radio frequency (RF) communication range of the reader and the authentication request comprising data stored at the reader; and
  
  executing an access control decision with respect to the reader based on one or more of;
  
  the credential information update or data included in the authentication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Lowe, Peter R.
Primary Examiner(s)
DOAN, KIET M

Application Number

US14/674,085
Publication Number

US 20150223066A1
Time in Patent Office

714 Days
Field of Search

455/445, 455/415, 455/411, 455/414.1, 455/403, 455/461, 455/88, 370/352, 726/5, 726/4, 235/492, 235/382, 340/5.73, 340/5.6, 340/5.54, 340/994
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G07C 9/20   involving the use of a pass

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 4/023   using mutual or relative lo...

H04W 4/80   Services using short range ...

H04W 48/04   based on user or terminal l...

H04W 88/02   Terminal devices

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links